I would like to limit DNS packet size to for example 90 bytes. I made a traffic stream for dst port UDP 53 and associated with payload filter. In payload filter I defined bounduaries as: start \s (start of packet) end \p (end of packet). In field If number of bytes after start and before any other flag exceeds: I putted here 90 Connection Flow then I selected Drop packet, close connection and I selected the same for Primary Action. Then when I sended to DNS packets with size exceeded 90 bytes, they were not blocked. What I'm doing wrong?