extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-15 19:01:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use new hashlimit match syntax if available

Browse Source
This commit is contained in:
Tom Eastep 2010-07-31 07:19:41 -07:00
parent 637cfdaa14
commit 005b6f7b45
3 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -2207,16 +2207,19 @@ sub do_ratelimit( $$ ) {
my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto'; my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto';
my $units; my $units;
if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) { if ( $rate =~ /^[sd]:((\w*):)?((\d+)(\/(sec|min|hour|day))?):(\d+)$/ ) {
$limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name "; fatal_error "Invalid Rate ($3)" unless $4;
fatal_error "Invalid Burst ($7)" unless $7;
$limit .= "--hashlimit $3 --hashlimit-burst $7 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall' . $hashlimitset++; $limit .= $2 ? $2 : 'shorewall' . $hashlimitset++;
$limit .= ' --hashlimit-mode '; $limit .= ' --hashlimit-mode ';
$units = $5; $units = $6;
} elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) { } elsif ( $rate =~ /^[sd]:((\w*):)?((\d+)(\/(sec|min|hour|day))?)$/ ) {
fatal_error "Invalid Rate ($3)" unless $4;
$limit .= "--$match $3 --hashlimit-name "; $limit .= "--$match $3 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall' . $hashlimitset++; $limit .= $2 ? $2 : 'shorewall' . $hashlimitset++;
$limit .= ' --hashlimit-mode '; $limit .= ' --hashlimit-mode ';
$units = $5; $units = $6;
} else { } else {
fatal_error "Invalid rate ($rate)"; fatal_error "Invalid rate ($rate)";
} }
@ -2235,9 +2238,12 @@ sub do_ratelimit( $$ ) {
} }
$limit; $limit;
} elsif ( $rate =~ /^(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) { } elsif ( $rate =~ /^((\d+)(\/(sec|min|hour|day))?):(\d+)$/ ) {
"-m limit --limit $1 --limit-burst $4 "; fatal_error "Invalid Rate ($1)" unless $2;
fatal_error "Invalid Burst ($5)" unless $5;
"-m limit --limit $1 --limit-burst $5 ";
} elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ ) { } elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ ) {
fatal_error "Invalid Rate (${1}${2})" unless $1;
"-m limit --limit $rate "; "-m limit --limit $rate ";
} else { } else {
fatal_error "Invalid rate ($rate)"; fatal_error "Invalid rate ($rate)";

6
Shorewall/Perl/Shorewall/Config.pm
View File

@ -2318,7 +2318,11 @@ sub Comments() {
} }
sub Hashlimit_Match() { sub Hashlimit_Match() {
have_capability 'OLD_HL_MATCH' || qt1( "$iptables -A $sillyname -m hashlimit --hashlimit-upto 3/min --hashlimit-burst 3 --hashlimit-name $sillyname --hashlimit-mode srcip -j ACCEPT" ); if ( qt1( "$iptables -A $sillyname -m hashlimit --hashlimit-upto 3/min --hashlimit-burst 3 --hashlimit-name $sillyname --hashlimit-mode srcip -j ACCEPT" ) ) {
! ( $capabilities{OLD_HL_MATCH} = 0 );
} else {
have_capability 'OLD_HL_MATCH';
}
} }
sub Old_Hashlimit_Match() { sub Old_Hashlimit_Match() {

2
Shorewall/changelog.txt
View File

@ -10,6 +10,8 @@ Changes in Shorewall 4.4.12
5) Add per-ip log rate limiting. 5) Add per-ip log rate limiting.
6) Use new hashlimit match syntax if available.
Changes in Shorewall 4.4.11 Changes in Shorewall 4.4.11
1) Apply patch from Gabriel. 1) Apply patch from Gabriel.