Inversive or negative flexible thresholds match
F
FastNetMon
For example it may be useful to create flexible threshold only for specific type of traffic like: traffic from port 11211 udp and then in same time to have catch-all threshold which will include everything else to ensure protection from other attack types.
We definitely can create static threshold for UDP traffic but it will catch traffic which is already included in flexible thresholds and both of them will trigger in same time which is not desirable outcome
It cannot be implementer right now but by adding flexible threshold like this:
1) port 11211 udp
2) port 123 UDP
3) not port 123 and not port 11211 UDP
Section 3 cannot be implemented right now but it's important for us to have in our tool