CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2023/10/10 10:26:06
Modified files:
sys/net : pf.c
Log message:
pf(4) must not pass packet if state cannot be created.
The behavior of the PFRULE_SRCTRACK and max_states check was
unintentionally changed by commit revision 1.964. If the state was
not created due to some limit had been reached, pf still passed the
packet. Restore the old logic by setting action to pass later,
after the checks. In pf_test_rule() action is initialized to drop.
OK sashan@
