1
0
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-13 17:18:12 +01:00

Disallow rate limiting with DROP/REJECT

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6215 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-05-03 16:33:49 +00:00
parent b98c2dc661
commit 04064d01e6
3 changed files with 5 additions and 1 deletions
Shorewall-common
Shorewall-perl/Shorewall
Shorewall-shell

View File

@ -1546,6 +1546,7 @@ case "$COMMAND" in
;;
logwatch)
get_config Yes
banner="Shorewall-$version Logwatch at $HOSTNAME -"
logwatch_command $@
;;
drop)

View File

@ -902,6 +902,8 @@ sub do_test ( $$ )
"$match $testval ";
}
my %norate = ( DROP => 1, REJECT => 1 );
#
# Create a "-m limit" match for the passed LIMIT/BURST
#
@ -910,7 +912,7 @@ sub do_ratelimit( $$ ) {
return '' unless $rate and $rate ne '-';
fatal_error "Rate Limiting not available with DROP" if $action eq 'DROP';
fatal_error "Rate Limiting not available with $action" if $norate{$action};
if ( $rate =~ /^([^:]+):([^:]+)$/ ) {
"-m limit --limit $1 --limit-burst $2 ";

View File

@ -2169,6 +2169,7 @@ process_rule() # $1 = target
[ -n "$ratelimit" ] && fatal_error "Rate Limiting not available with DROP"
;;
REJECT)
[ -n "$ratelimit" ] && fatal_error "Rate Limiting not available with REJECT"
target=reject
;;
CONTINUE)