extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-28 00:19:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Disallow rate limiting with DROP/REJECT

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6215 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-05-03 16:33:49 +00:00
parent b98c2dc661
commit 04064d01e6
3 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall-common/shorewall
View File

@ -1546,6 +1546,7 @@ case "$COMMAND" in
;; ;;
logwatch) logwatch)
get_config Yes get_config Yes
banner="Shorewall-$version Logwatch at $HOSTNAME -"
logwatch_command $@ logwatch_command $@
;; ;;
drop) drop)

4
Shorewall-perl/Shorewall/Chains.pm
View File

@ -902,6 +902,8 @@ sub do_test ( $$ )
"$match $testval "; "$match $testval ";
} }
my %norate = ( DROP => 1, REJECT => 1 );
# #
# Create a "-m limit" match for the passed LIMIT/BURST # Create a "-m limit" match for the passed LIMIT/BURST
# #
@ -910,7 +912,7 @@ sub do_ratelimit( $$ ) {
return '' unless $rate and $rate ne '-'; return '' unless $rate and $rate ne '-';
fatal_error "Rate Limiting not available with DROP" if $action eq 'DROP'; fatal_error "Rate Limiting not available with $action" if $norate{$action};
if ( $rate =~ /^([^:]+):([^:]+)$/ ) { if ( $rate =~ /^([^:]+):([^:]+)$/ ) {
"-m limit --limit $1 --limit-burst $2 "; "-m limit --limit $1 --limit-burst $2 ";

1
Shorewall-shell/compiler
View File

@ -2169,6 +2169,7 @@ process_rule() # $1 = target
[ -n "$ratelimit" ] && fatal_error "Rate Limiting not available with DROP" [ -n "$ratelimit" ] && fatal_error "Rate Limiting not available with DROP"
;; ;;
REJECT) REJECT)
[ -n "$ratelimit" ] && fatal_error "Rate Limiting not available with REJECT"
target=reject target=reject
;; ;;
CONTINUE) CONTINUE)