On Tue, Oct 10, 2023 at 02:53:15PM +0200, Alexander Bluhm wrote:
> Hi,
>
> The behaviour of the PFRULE_SRCTRACK and max_states check was
> unintentionally changed by this commit.
>
> ----------------------------
> revision 1.964
> date: 2016/01/25 18:49:57; author: sashan; state: Exp; lines: +18 -10;
> commitid: KeemoLxcm7FS1oYy;
> - plugging massive pf_state_key leak
>
> OK mpi@ dlg@ sthen@
> ----------------------------
>
> If we do not create a state after some limit was reached, pf still
> passes the packet. We can restore the old behavior by setting
> action later, after the checks.
>
> ok?
>
oh dear... thanks for finding that bug out and killing it
OK sashan
