Add log rate limiting text to shorewall.conf

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1276 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -22,3 +22,5 @@ Changes since 2.0.1
     have invented.
 
 11) Update the bogons file
+
+12) Added example for log rate limiting knobs in shorewall.conf.

Shorewall2/firewall

@@ -1092,7 +1092,6 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = disposition , $4 = rate limi
 
 	rulenum=$(($rulenum + 1))
 	eval ${chain}_logrules=$rulenum
-
     else
 	prefix="$(printf "$LOGFORMAT" $chain $disposition)${tag:+$tag }"
     fi

Shorewall2/shorewall.conf

@@ -90,12 +90,21 @@ LOGFORMAT="Shorewall:%s:%s:"
 # maximum initial burst size that will be logged. If set empty, the default
 # value of 5 will be used.
 #
+# If BOTH variables are set empty then logging will not be rate-limited.
+#
 # Example:
 #
 #	LOGRATE=10/minute
 #	LOGBURST=5
 #
-# If BOTH variables are set empty then logging will not be rate-limited.
+# For each logging rule, the first time the rule is reached, the packet
+# will be logged; in fact, since the burst is 5, the first five packets
+# will be logged. After this, it will be 6 seconds (1 minute divided by
+# the rate of 10) before a message will be logged from the rule, regardless
+# of how many packets reach it. Also, every 6 seconds which passes without
+# matching a packet, one of the bursts will be regained; if no packets hit
+# the rule for 30 seconds, the burst will be fully recharged; back where
+# we started.
 #
 
 LOGRATE=