pf integration: route labels


pf can filter based on these labels
    pass in on egress from route foo keep state

of course, pf can be used to assign traffic to QoS queues as well...
    pass from route TDC keep state queue reallyslow

combining BGP information with pf capabilities is very powerful
limit states per source address, depending on AS
max-src-nodes, max-src-states
max-src-conn / max-src-conn-rate help fighting DDoS
identify attack origin ASes