Quote:
Why does 'overload table' work only when I remove the ssh port from udp_services?..
Your filter rule has two protocols in a list. This is expanded into separate rules by PF, which you can see with
# pfctl -sr
if you are interested.
I am guessing that having the two protocols, because they are expanded, is the root cause -- it interferes with correct stateful processing.
SSH does not use UDP, so you can eliminate the problem by removing UDP from the rule.
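
Added example, not part of the thread: a constructed pf.conf fragment showing how a two-protocol list is expanded and the TCP-only form the reply recommends. Only the macro name udp_services comes from the question; the interface name, the other macro, the table name and the rate values are assumptions.

```pf
# Constructed pf.conf fragment (illustration only).
ext_if       = "em0"              # assumed external interface
tcp_services = "{ ssh, www }"     # assumed macro
udp_services = "{ domain }"       # ssh removed: SSH runs over TCP only

table <bruteforce> persist        # assumed name for the overload table

block in quick on $ext_if from <bruteforce>

# Shape of rule the reply describes: one rule, two protocols in a list.
#   pass in on $ext_if proto { tcp, udp } from any to any port ssh
#       keep state (max-src-conn-rate 5/30, overload <bruteforce> flush global)
# PF expands the braces at load time, so this is loaded as two rules:
#   pass in on $ext_if proto tcp from any to any port ssh keep state (...)
#   pass in on $ext_if proto udp from any to any port ssh keep state (...)
# pfctl -sr lists the expanded rules.

# TCP-only form: the overload option sits on a single tcp rule.
# max-src-conn-rate counts TCP connections that completed the handshake.
pass in on $ext_if proto tcp from any to any port ssh \
    keep state (max-src-conn-rate 5/30, overload <bruteforce> flush global)

# Remaining services, kept on separate per-protocol rules.
pass in on $ext_if proto tcp from any to any port www keep state
pass in on $ext_if proto udp from any to any port $udp_services keep state
```

Parse the file with `pfctl -nf` before loading it, then compare the loaded rules with `pfctl -sr` and inspect the table with `pfctl -t bruteforce -T show`.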