2e0e45a516
pf(4) users who use limiters in current should update the rules
accordingly to reflect the change in default behavior. The existing
rule which reads as follows:
pass in from any to any state limiter test
needs to be changed to:
pass in from any to any state limiter test (no-match)
OK dlg@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, c600931321
Sponsored by: Rubicon Communications, LLC ("Netgate")
3 lines
124 B
Plaintext
3 lines
124 B
Plaintext
state limiter "dns-server" id 1 limit 1000 rate 1/10
|
|
pass in proto tcp to port domain state limiter "dns-server" (no-match)
|