Hi,

I am trying to rate limit UDP with Packet Filter. I know there are rules
to rate limit on TCP such as "max number" or "max-src-conn-rate number /
interval" but I did not find anything for UDP.

I still tried the options with these rules, but once the number of
states was reached, the NTP server kept answering the requests:

pass in on $ext_if proto udp to 192.0.2.1 port 123 keep state (max 10)

---

table <blocked_hosts> persist
block in quick from <blocked_hosts>
pass in on $ext_if proto udp to 192.0.2.1 port 123 keep state \
(max-src-conn-rate 10/50, overload <blocked_hosts> flush global)

Is there a way to do that?

Regards,
Jérémy.
