OpenBSD PF Developer Interview
Subject:   questions of the bridge
Date:   2004-06-22 23:15:11
From:   xiyang
Response to: questions of the bridge

Two problems:
1) It is random(); the method that limits the number of states by src IP may not be effective.
2) I used the function in FreeBSD 4.10, but the attacker could stuff your stack (net.inet.ip.fw.dyn_count) immediately; syslogd reports "too many dyn rules..", so you must raise net.inet.ip.fw.dyn_max, like so:
sysctl -w net.inet.ip.fw.dyn_max=32768