The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=445a3c86e674800f70fce6d8f2038f09deee37cf
commit 445a3c86e674800f70fce6d8f2038f09deee37cf Author: Kristof Provost <[email protected]> AuthorDate: 2026-01-07 15:20:21 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2026-01-14 06:44:40 +0000 pfctl tests: basic source and state limiter tests Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/tests/files/pf1076.in | 2 ++ sbin/pfctl/tests/files/pf1076.ok | 2 ++ sbin/pfctl/tests/files/pf1077.in | 2 ++ sbin/pfctl/tests/files/pf1077.ok | 2 ++ sbin/pfctl/tests/pfctl_test_list.inc | 2 ++ 5 files changed, 10 insertions(+) diff --git a/sbin/pfctl/tests/files/pf1076.in b/sbin/pfctl/tests/files/pf1076.in new file mode 100644 index 000000000000..af815fd4c5ef --- /dev/null +++ b/sbin/pfctl/tests/files/pf1076.in @@ -0,0 +1,2 @@ +state limiter "dns-server" id 1 limit 1000 rate 1/10 +pass in proto tcp to port domain state limiter "dns-server" diff --git a/sbin/pfctl/tests/files/pf1076.ok b/sbin/pfctl/tests/files/pf1076.ok new file mode 100644 index 000000000000..def9533b1e60 --- /dev/null +++ b/sbin/pfctl/tests/files/pf1076.ok @@ -0,0 +1,2 @@ +state limiter dns-server id 1 limit 1000 rate 1/10 +pass in proto tcp from any to any port = domain flags S/SA keep state state limiter id 1 diff --git a/sbin/pfctl/tests/files/pf1077.in b/sbin/pfctl/tests/files/pf1077.in new file mode 100644 index 000000000000..9394624622d8 --- /dev/null +++ b/sbin/pfctl/tests/files/pf1077.in @@ -0,0 +1,2 @@ +source limiter "dns-server" id 1 entries 2 limit 3 rate 4/5 inet mask 16 +pass in proto tcp to port domain source limiter "dns-server" diff --git a/sbin/pfctl/tests/files/pf1077.ok b/sbin/pfctl/tests/files/pf1077.ok new file mode 100644 index 000000000000..e52afb6bff9c --- /dev/null +++ b/sbin/pfctl/tests/files/pf1077.ok @@ -0,0 +1,2 @@ +source limiter dns-server id 1 limit 2 states 3 rate 4/5 inet mask 16 +pass in proto tcp from any to any port = domain flags S/SA keep state source limiter id 1 diff --git a/sbin/pfctl/tests/pfctl_test_list.inc b/sbin/pfctl/tests/pfctl_test_list.inc index 9dd4a590ad8f..a7328a860dda 100644 --- a/sbin/pfctl/tests/pfctl_test_list.inc +++ b/sbin/pfctl/tests/pfctl_test_list.inc @@ -184,3 +184,5 @@ PFCTL_TEST_FAIL(1072, "Invalid port range") PFCTL_TEST(1073, "Filter AF different than route-to AF, with prefer-ipv6-nexthop") PFCTL_TEST_FAIL(1074, "Filter AF different than route-to AF, without prefer-ipv6-nexthop") PFCTL_TEST(1075, "One shot rule") +PFCTL_TEST(1076, "State limiter") +PFCTL_TEST(1077, "Source limiter")
