From 0685d0edfd724de2a9ca5ed87c12b02c6f2ddaeb Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 15 Jul 2018 08:57:43 -0700
Subject: [PATCH] Fix rate limiting

- Avoid specifying a timeout when the match is '-m limit'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 5b6e369d1..0adcd8d3f 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -5444,8 +5444,10 @@ sub do_ratelimit( $$ ) {
 		$limit .= " --hashlimit-htable-size $htsize --hashlimit-htable-max $max";
 	    }
 
-	    $limit .= " --hashlimit-mode $mode" if $mode;
-	    $units = $10;
+	    if ( $mode ) {
+		$limit .= " --hashlimit-mode $mode";
+		$units = $10;
+	    }
 	} else {
 	    fatal_error "Invalid rate ($rate)";
 	}