extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-26 23:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Hack to make new LIMIT stuff work on ancient iptables releases

Browse Source
This commit is contained in:
Tom Eastep 2009-09-20 09:10:23 -04:00
parent 96b19dd218
commit 20250c9ce9
3 changed files with 5 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1532,7 +1532,7 @@ sub do_ratelimit( $$ ) {
my $limit = "-m hashlimit ";
if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
$limit .= "--hashlimit-upto $3 --hashlimit-burst $6 --hashlimit-name ";
$limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall';
$limit .= ' --hashlimit-mode ';
} elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) {

95
Shorewall/shorewall
View File

@ -23,99 +23,9 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# If an error occurs while starting or restarting the firewall, the
# firewall is automatically stopped.
# For a list of supported commands, type 'shorewall help'
#
# The firewall uses configuration files in /etc/shorewall/ - skeleton
# files are included with the firewall.
#
# Commands are:
#
# shorewall add <iface>[:<host>] zone Adds a host or subnet to a zone
# shorewall delete <iface>[:<host>] zone Deletes a host or subnet from a zone
# shorewall dump Dumps all Shorewall-related information
# for problem analysis
# shorewall start Starts the firewall
# shorewall restart Restarts the firewall
# shorewall stop Stops the firewall
# shorewall status Displays firewall status
# shorewall reset Resets iptables packet and
# byte counts
# shorewall clear Open the floodgates by
# removing all iptables rules
# and setting the three permanent
# chain policies to ACCEPT
# shorewall refresh Rebuild the common chain to
# compensate for a change of
# broadcast address on any "detect"
# interface.
# shorewall [re]load [ <directory> ] <system>
# Compile a script and install it on a
# remote Shorewall Lite system.
# shorewall show <chain> [ <chain> ... ] Display the rules in each <chain> listed
# shorewall show actions Displays the available actions
# shorewall show log Print the last 20 log messages
# shorewall show connections Show the kernel's connection
# tracking table
# shorewall show nat Display the rules in the nat table
# shorewall show {mangle|tos} Display the rules in the mangle table
# shorewall show tc Display traffic control info
# shorewall show classifiers Display classifiers
# shorewall show capabilities Display iptables/kernel capabilities
# shorewall show vardir Display the VARDIR setting.
# shorewall version Display the installed version id
# shorewall check [ -e ] [ <directory> ] Dry-run compilation.
# shorewall try <directory> [ <timeout> ] Try a new configuration and if
# it doesn't work, revert to the
# standard one. If a timeout is supplied
# the command reverts back to the
# standard configuration after that many
# seconds have elapsed after successfully
# starting the new configuration.
# shorewall logwatch [ refresh-interval ] Monitor the local log for Shorewall
# messages.
# shorewall drop <address> ... Temporarily drop all packets from the
# listed address(es)
# shorewall reject <address> ... Temporarily reject all packets from the
# listed address(es)
# shorewall allow <address> ... Reenable address(es) previously
# disabled with "drop" or "reject"
# shorewall save [ <file> ] Save the list of "rejected" and
# "dropped" addresses so that it will
# be automatically reinstated the
# next time that Shorewall starts.
# Save the current state so that 'shorewall
# restore' can be used.
#
# shorewall forget [ <file> ] Discard the data saved by 'shorewall save'
#
# shorewall restore [ <file> ] Restore the state of the firewall from
# previously saved information.
#
# shorewall ipaddr { <address>/<cidr> | <address> <netmask> }
#
# Displays information about the network
# defined by the argument[s]
#
# shorewall iprange <address>-<address> Decomposes a range of IP addresses into
# a list of network/host addresses.
#
# shorewall ipdecimal { <address> | <integer> }
#
# Displays the decimal equivalent of an IP
# address and vice versa.
#
# shorewall safe-start [ <directory> ] Starts the firewall and promtp for a c
# confirmation to accept or reject the new
# configuration
#
# shorewall safe-restart [ <directory> ] Restarts the firewall and prompt for a
# confirmation to accept or reject the new
# configuration
#
# shorewall compile [ -e ] [ <directory> ] <filename>
# Compile a firewall program file.
#####################################################################################################
#
# Set the configuration variables from shorewall.conf
#
@ -123,7 +33,6 @@
# $2 = Yes: check for STARTUP_ENABLED
# $3 = Yes: Check for LOGFILE
#
#
get_config() {
local prog

94
Shorewall6/shorewall6
View File

@ -23,99 +23,9 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# If an error occurs while starting or restarting the firewall, the
# firewall is automatically stopped.
# For a list of supported commands, type 'shorewall6 help'
#
# The firewall uses configuration files in /etc/shorewall/ - skeleton
# files are included with the firewall.
#
# Commands are:
#
# shorewall6 add <iface>[:<host>] zone Adds a host or subnet to a zone
# shorewall6 delete <iface>[:<host>] zone Deletes a host or subnet from a zone
# shorewall6 dump Dumps all Shorewall6-related information
# for problem analysis
# shorewall6 start Starts the firewall
# shorewall6 restart Restarts the firewall
# shorewall6 stop Stops the firewall
# shorewall6 status Displays firewall status
# shorewall6 reset Resets ip6tables packet and
# byte counts
# shorewall6 clear Open the floodgates by
# removing all ip6tables rules
# and setting the three permanent
# chain policies to ACCEPT
# shorewall6 refresh Rebuild the common chain to
# compensate for a change of
# broadcast address on any "detect"
# interface.
# shorewall6 [re]load [ <directory> ] <system>
# Compile a script and install it on a
# remote Shorewall6 Lite system.
# shorewall6 show <chain> [ <chain> ... ] Display the rules in each <chain> listed
# shorewall6 show actions Displays the available actions
# shorewall6 show log Print the last 20 log messages
# shorewall6 show connections Show the kernel's connection
# tracking table
# shorewall6 show nat Display the rules in the nat table
# shorewall6 show {mangle|tos} Display the rules in the mangle table
# shorewall6 show tc Display traffic control info
# shorewall6 show classifiers Display classifiers
# shorewall6 show capabilities Display ip6tables/kernel capabilities
# shorewall6 show vardir Display the VARDIR setting.
# shorewall6 version Display the installed version id
# shorewall6 check [ -e ] [ <directory> ] Dry-run compilation.
# shorewall6 try <directory> [ <timeout> ] Try a new configuration and if
# it doesn't work, revert to the
# standard one. If a timeout is supplied
# the command reverts back to the
# standard configuration after that many
# seconds have elapsed after successfully
# starting the new configuration.
# shorewall6 logwatch [ refresh-interval ] Monitor the local log for Shorewall6
# messages.
# shorewall6 drop <address> ... Temporarily drop all packets from the
# listed address(es)
# shorewall6 reject <address> ... Temporarily reject all packets from the
# listed address(es)
# shorewall6 allow <address> ... Reenable address(es) previously
# disabled with "drop" or "reject"
# shorewall6 save [ <file> ] Save the list of "rejected" and
# "dropped" addresses so that it will
# be automatically reinstated the
# next time that Shorewall6 starts.
# Save the current state so that 'shorewall6
# restore' can be used.
#
# shorewall6 forget [ <file> ] Discard the data saved by 'shorewall6 save'
#
# shorewall6 restore [ <file> ] Restore the state of the firewall from
# previously saved information.
#
# shorewall6 ipaddr { <address>/<cidr> | <address> <netmask> }
#
# Displays information about the network
# defined by the argument[s]
#
# shorewall6 iprange <address>-<address> Decomposes a range of IP addresses into
# a list of network/host addresses.
#
# shorewall6 ipdecimal { <address> | <integer> }
#
# Displays the decimal equivalent of an IP
# address and vice versa.
#
# shorewall6 safe-start [ <directory> ] Starts the firewall and promtp for a c
# confirmation to accept or reject the new
# configuration
#
# shorewall6 safe-restart [ <directory> ] Restarts the firewall and prompt for a
# confirmation to accept or reject the new
# configuration
#
# shorewall6 compile [ -e ] [ <directory> ] <filename>
# Compile a firewall program file.
################################################################################################
#
# Set the configuration variables from shorewall6.conf
#