extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-15 19:01:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use new hashlimit match syntax if available

Browse Source
This commit is contained in:
Tom Eastep 2010-07-31 07:19:41 -07:00
parent 637cfdaa14
commit 005b6f7b45
3 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -2207,16 +2207,19 @@ sub do_ratelimit( $$ ) {
my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto';
my $units;
if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
$limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name ";
if ( $rate =~ /^[sd]:((\w*):)?((\d+)(\/(sec|min|hour|day))?):(\d+)$/ ) {
fatal_error "Invalid Rate ($3)" unless $4;
fatal_error "Invalid Burst ($7)" unless $7;
$limit .= "--hashlimit $3 --hashlimit-burst $7 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall' . $hashlimitset++;
$limit .= ' --hashlimit-mode ';
$units = $5;
} elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) {
$units = $6;
} elsif ( $rate =~ /^[sd]:((\w*):)?((\d+)(\/(sec|min|hour|day))?)$/ ) {
fatal_error "Invalid Rate ($3)" unless $4;
$limit .= "--$match $3 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall' . $hashlimitset++;
$limit .= ' --hashlimit-mode ';
$units = $5;
$units = $6;
} else {
fatal_error "Invalid rate ($rate)";
}
@ -2235,9 +2238,12 @@ sub do_ratelimit( $$ ) {
}
$limit;
} elsif ( $rate =~ /^(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
"-m limit --limit $1 --limit-burst $4 ";
} elsif ( $rate =~ /^((\d+)(\/(sec|min|hour|day))?):(\d+)$/ ) {
fatal_error "Invalid Rate ($1)" unless $2;
fatal_error "Invalid Burst ($5)" unless $5;
"-m limit --limit $1 --limit-burst $5 ";
} elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ ) {
fatal_error "Invalid Rate (${1}${2})" unless $1;
"-m limit --limit $rate ";
} else {
fatal_error "Invalid rate ($rate)";

6
Shorewall/Perl/Shorewall/Config.pm
View File

@ -2318,7 +2318,11 @@ sub Comments() {
}
sub Hashlimit_Match() {
have_capability 'OLD_HL_MATCH' || qt1( "$iptables -A $sillyname -m hashlimit --hashlimit-upto 3/min --hashlimit-burst 3 --hashlimit-name $sillyname --hashlimit-mode srcip -j ACCEPT" );
if ( qt1( "$iptables -A $sillyname -m hashlimit --hashlimit-upto 3/min --hashlimit-burst 3 --hashlimit-name $sillyname --hashlimit-mode srcip -j ACCEPT" ) ) {
! ( $capabilities{OLD_HL_MATCH} = 0 );
} else {
have_capability 'OLD_HL_MATCH';
}
}
sub Old_Hashlimit_Match() {

2
Shorewall/changelog.txt
View File

@ -10,6 +10,8 @@ Changes in Shorewall 4.4.12
5) Add per-ip log rate limiting.
6) Use new hashlimit match syntax if available.
Changes in Shorewall 4.4.11
1) Apply patch from Gabriel.