diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2026-01-07 15:20:21 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2026-01-14 06:44:40 +0000 |
| commit | 445a3c86e674800f70fce6d8f2038f09deee37cf (patch) | |
| tree | ac16cd463d38fba6c90c4580e7313ac545831dac | |
| parent | 398ca30cb6d6cb6f0f5433fae11d07a65a9259dd (diff) | |
pfctl tests: basic source and state limiter tests
Sponsored by: Rubicon Communications, LLC ("Netgate")
| -rw-r--r-- | sbin/pfctl/tests/files/pf1076.in | 2 | ||||
| -rw-r--r-- | sbin/pfctl/tests/files/pf1076.ok | 2 | ||||
| -rw-r--r-- | sbin/pfctl/tests/files/pf1077.in | 2 | ||||
| -rw-r--r-- | sbin/pfctl/tests/files/pf1077.ok | 2 | ||||
| -rw-r--r-- | sbin/pfctl/tests/pfctl_test_list.inc | 2 |
5 files changed, 10 insertions, 0 deletions
diff --git a/sbin/pfctl/tests/files/pf1076.in b/sbin/pfctl/tests/files/pf1076.in new file mode 100644 index 000000000000..af815fd4c5ef --- /dev/null +++ b/sbin/pfctl/tests/files/pf1076.in @@ -0,0 +1,2 @@ +state limiter "dns-server" id 1 limit 1000 rate 1/10 +pass in proto tcp to port domain state limiter "dns-server" diff --git a/sbin/pfctl/tests/files/pf1076.ok b/sbin/pfctl/tests/files/pf1076.ok new file mode 100644 index 000000000000..def9533b1e60 --- /dev/null +++ b/sbin/pfctl/tests/files/pf1076.ok @@ -0,0 +1,2 @@ +state limiter dns-server id 1 limit 1000 rate 1/10 +pass in proto tcp from any to any port = domain flags S/SA keep state state limiter id 1 diff --git a/sbin/pfctl/tests/files/pf1077.in b/sbin/pfctl/tests/files/pf1077.in new file mode 100644 index 000000000000..9394624622d8 --- /dev/null +++ b/sbin/pfctl/tests/files/pf1077.in @@ -0,0 +1,2 @@ +source limiter "dns-server" id 1 entries 2 limit 3 rate 4/5 inet mask 16 +pass in proto tcp to port domain source limiter "dns-server" diff --git a/sbin/pfctl/tests/files/pf1077.ok b/sbin/pfctl/tests/files/pf1077.ok new file mode 100644 index 000000000000..e52afb6bff9c --- /dev/null +++ b/sbin/pfctl/tests/files/pf1077.ok @@ -0,0 +1,2 @@ +source limiter dns-server id 1 limit 2 states 3 rate 4/5 inet mask 16 +pass in proto tcp from any to any port = domain flags S/SA keep state source limiter id 1 diff --git a/sbin/pfctl/tests/pfctl_test_list.inc b/sbin/pfctl/tests/pfctl_test_list.inc index 9dd4a590ad8f..a7328a860dda 100644 --- a/sbin/pfctl/tests/pfctl_test_list.inc +++ b/sbin/pfctl/tests/pfctl_test_list.inc @@ -184,3 +184,5 @@ PFCTL_TEST_FAIL(1072, "Invalid port range") PFCTL_TEST(1073, "Filter AF different than route-to AF, with prefer-ipv6-nexthop") PFCTL_TEST_FAIL(1074, "Filter AF different than route-to AF, without prefer-ipv6-nexthop") PFCTL_TEST(1075, "One shot rule") +PFCTL_TEST(1076, "State limiter") +PFCTL_TEST(1077, "Source limiter") |