On 2021-05-05, Axel Rau <axel....@chaos1.de> wrote:
>>
>> check the table name …
>
> But even with the correct table name I had to flush states to get it working.

That is expected. A state lookup is done before parsing the ruleset. You can try clearing states with pfctl -k but there are some issues, it doesn't always work.

> Does anyone have a script handy to update the table to black hole DNS clients
> which repeat same query with high frequency?

This is usually best dealt with in your DNS server software, e.g. by using the rrl-* configuration in NSD, see nsd.conf(5), or the "rate-limit" config section in BIND.
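
An added example, not part of the original message: an nsd.conf fragment using the rrl-* options mentioned above. The numeric values are illustrative assumptions to be tuned against real traffic; nsd.conf(5) remains the reference for each option.

```conf
# nsd.conf fragment (added example; values are illustrative assumptions)
server:
    # Number of buckets in the rate-limit hash table.
    rrl-size: 1000000

    # Maximum responses per second for one source prefix and response
    # class before NSD starts dropping answers to it.
    rrl-ratelimit: 200

    # While a source is blocked, answer one query in every N with a
    # truncated (TC) reply so a legitimate client can retry over TCP.
    rrl-slip: 2

    # Sources are grouped by prefix, so many addresses in one network
    # share a single limit.
    rrl-ipv4-prefix-length: 24
    rrl-ipv6-prefix-length: 64

    # Higher limit applied to response classes whitelisted per zone.
    rrl-whitelist-ratelimit: 2000
```

Unlike a pf table entry, this limits the responses themselves, so it does not depend on existing pf states being flushed before it takes effect.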