On Tue, Oct 10, 2023 at 02:53:15PM +0200, Alexander Bluhm wrote: > Hi, > > The behaviour of the PFRULE_SRCTRACK and max_states check was > unintentionally changed by this commit. > > ---------------------------- > revision 1.964 > date: 2016/01/25 18:49:57; author: sashan; state: Exp; lines: +18 -10; > commitid: KeemoLxcm7FS1oYy; > - plugging massive pf_state_key leak > > OK mpi@ dlg@ sthen@ > ---------------------------- > > If we do not create a state after some limit was reached, pf still > passes the packet. We can restore the old behavior by setting > action later, after the checks. > > ok? >
oh dear... thanks for finding that bug out and killing it OK sashan