From 207d51de552ddd5b7f75d67ed5b8829e3357257e Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 24 Dec 2024 17:06:41 +0100
Subject: [PATCH] Firewall: Automation: Filter - add max-src-nodes,
 max-src-states options for https://github.com/opnsense/core/issues/8143

---
 .../OPNsense/Firewall/forms/dialogFilterRule.xml   | 14 ++++++++++++++
 .../mvc/app/models/OPNsense/Firewall/Filter.xml    |  7 ++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
index 1258c368dc..27570965f2 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
@@ -154,6 +154,20 @@
         <help>State Timeout in seconds (TCP only)</help>
         <advanced>true</advanced>
     </field>
+    <field>
+        <id>rule.max-src-nodes</id>
+        <label>Max source nodes</label>
+        <type>text</type>
+        <help>Limits the maximum number of source addresses which can simultaneously have state table entries.</help>
+        <advanced>true</advanced>
+    </field>
+    <field>
+        <id>rule.max-src-states</id>
+        <label>Max source states</label>
+        <type>text</type>
+        <help>Limits the maximum number of simultaneous state entries that a single source address can create with this rule.</help>
+        <advanced>true</advanced>
+    </field>
     <field>
         <id>rule.nopfsync</id>
         <label>NO pfsync</label>
diff --git a/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml b/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
index 73afc51d38..20a0b439f1 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
@@ -141,8 +141,13 @@
                 </nopfsync>
                 <statetimeout type="IntegerField">
                     <MinimumValue>1</MinimumValue>
-                    <MaximumValue>65536</MaximumValue>
                 </statetimeout>
+                <max-src-nodes type="IntegerField">
+                    <MinimumValue>1</MinimumValue>
+                </max-src-nodes>
+                <max-src-states type="IntegerField">
+                    <MinimumValue>1</MinimumValue>
+                </max-src-states>
                 <categories type="ModelRelationField">
                     <Model>
                         <rulesets>