What happens with "Maximum number of unique source hosts (TCP/UDP/ICMP)"
When "Maximum number of unique source hosts (TCP/UDP/ICMP)" is set in a rule, is the n+1 source host denied or is the oldest entry (and all its states) cleared and the new one added? Or something else?
And can I safely assume that as soon as all states for a particular source host expire, that slot is freed for another source host?
New connection is denied. Old ones will die off as they close normally.