Hi,
thanks to jknight@ I've understood that PF doesn't restore default values when
loading a ruleset that doesn't set a limit.
-------pf1.conf-----------------
pass in quick inet keep state (source-track global, max-src-states 3)
----------------------------------
# pfctl -f pf1.conf ; pfctl -s all
..
src-nodes hard limit 10000
..
Now pf2 sets a lower limit
-------pf2.conf-----------------
set limit src-nodes 2000
pass in quick inet keep state (source-track global, max-src-states 3)
----------------------------------
# pfctl -f pf2.conf ; pfctl -s all
..
src-nodes hard limit 2000
..
Again pf1
-------pf1.conf-----------------
pass in quick inet keep state (source-track global, max-src-states 3)
----------------------------------
# pfctl -f pf1.conf ; pfctl -s all
..
src-nodes hard limit 2000 <--- why not 10000 ?
..
Is this a bug or a feature ? ;-)
Ed
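
Added example, not part of the original message: a small sh function that compares a ruleset with the "hard limit" lines saved from `pfctl -s all` and reports every running limit the ruleset does not set itself, which per the post is a value carried over from an earlier load. The function name, the output wording and the sample files are constructed for illustration.

```shell
#!/bin/sh
# unpinned_limits RULESET LIMITS
#   RULESET: a pf.conf file
#   LIMITS:  the "hard limit" lines saved from `pfctl -s all`
# Prints "<name> <running value> inherited" for each running limit the
# ruleset never sets, and "<name> <running value> differs-from-ruleset"
# when the ruleset sets a different value than the one in effect.
unpinned_limits() {
    awk '
        FILENAME == ARGV[1] {                 # first file: the ruleset
            sub(/#.*/, "")                    # drop comments
            if ($1 == "set" && $2 == "limit") {
                sub(/^[ \t]*set[ \t]+limit[ \t]*/, "")
                gsub(/[{}]/, " ")             # also accept "set limit { a 1, b 2 }"
                n = split($0, items, ",")
                for (i = 1; i <= n; i++)
                    if (split(items[i], kv, " ") == 2)
                        pinned[kv[1]] = kv[2]
            }
            next
        }
        $2 == "hard" && $3 == "limit" {       # second file: running limits
            if (!($1 in pinned))
                print $1, $4, "inherited"
            else if (pinned[$1] != $4)
                print $1, $4, "differs-from-ruleset"
        }
    ' "$1" "$2"
}

# Constructed sample files, built from the rulesets and output quoted in the post.
demo() {
    dir=$(mktemp -d) || return 1
    rule='pass in quick inet keep state (source-track global, max-src-states 3)'
    printf '%s\n' "$rule" > "$dir/pf1.conf"
    printf '%s\n' 'set limit src-nodes 2000' "$rule" > "$dir/pf2.conf"
    printf '%s\n' 'src-nodes hard limit 2000' > "$dir/limits.txt"
    for f in pf1.conf pf2.conf; do
        echo "$f: $(unpinned_limits "$dir/$f" "$dir/limits.txt")"
    done
    rm -rf "$dir"
}

demo
```

With pf1.conf the check flags `src-nodes 2000 inherited`; with pf2.conf it reports nothing, because that ruleset sets the limit itself.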