mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-13 17:18:12 +01:00
Disallow rate limiting with DROP/REJECT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6215 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
b98c2dc661
commit
04064d01e6
@ -1546,6 +1546,7 @@ case "$COMMAND" in
|
||||
;;
|
||||
logwatch)
|
||||
get_config Yes
|
||||
banner="Shorewall-$version Logwatch at $HOSTNAME -"
|
||||
logwatch_command $@
|
||||
;;
|
||||
drop)
|
||||
|
@ -902,6 +902,8 @@ sub do_test ( $$ )
|
||||
"$match $testval ";
|
||||
}
|
||||
|
||||
my %norate = ( DROP => 1, REJECT => 1 );
|
||||
|
||||
#
|
||||
# Create a "-m limit" match for the passed LIMIT/BURST
|
||||
#
|
||||
@ -910,7 +912,7 @@ sub do_ratelimit( $$ ) {
|
||||
|
||||
return '' unless $rate and $rate ne '-';
|
||||
|
||||
fatal_error "Rate Limiting not available with DROP" if $action eq 'DROP';
|
||||
fatal_error "Rate Limiting not available with $action" if $norate{$action};
|
||||
|
||||
if ( $rate =~ /^([^:]+):([^:]+)$/ ) {
|
||||
"-m limit --limit $1 --limit-burst $2 ";
|
||||
|
@ -2169,6 +2169,7 @@ process_rule() # $1 = target
|
||||
[ -n "$ratelimit" ] && fatal_error "Rate Limiting not available with DROP"
|
||||
;;
|
||||
REJECT)
|
||||
[ -n "$ratelimit" ] && fatal_error "Rate Limiting not available with REJECT"
|
||||
target=reject
|
||||
;;
|
||||
CONTINUE)
|
||||
|
Loading…
Reference in New Issue
Block a user