CVSROOT: /cvs
Module name: src
Changes by: henn...@cvs.openbsd.org 2017/11/13 04:30:11
Modified files:
sbin/pfctl : parse.y pfctl_parser.c
sys/net : pf.c pf_ioctl.c pfvar.h
share/man/man5 : pf.conf.5
Log message:
add a generic packet rate matching filter. allows things like
pass in proto icmp max-pkt-rate 100/10
all packets matching the rule in the direction the state was created are
taken into consideration (typically: requests, but not replies).
Just like with the other max-*, the rule stops matching if the maximum is
reached, so in typical scenarios the default block rule would kick in then.
with input from Holger Mikolon
ok mikeb
