From 6db2c5fbe3cd56be8d763c37a2186b77f1d37b46 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 17 Feb 2010 15:38:38 -0800 Subject: [PATCH] Document change to hashlimit Signed-off-by: Tom Eastep --- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 5b558e742..cf3ed38c8 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -4,6 +4,8 @@ Changes in Shorewall 4.4.7.5 2) Avoid duplicate SFQ class numbers. +3) Fix low per-IP rate limits. + Changes in Shorewall 4.4.7.4 1) Add $remote_fs to Required-start and Required-stop for Debian. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 6a8e306bc..3c0934abf 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -202,6 +202,15 @@ Shorewall 4.4.7 Patch Release 5. 1500 limit 127 perturb 10" Failed Processing /etc/shorewall/stop ... +3) Previously, when per-IP rate limiting was specified with a low rate + (such as 1/hour), the effective rate was much higher (once every 10 + seconds). The Shorewall compiler now configures the hashlimit table + based on the rate such that the rate is more accurately enforced. + + As part of this change, a unique hash table name is assigned to + each rule that does not specify a table name in the rule. The + assigned names are of the form 'shorewallN' where N is an integer. + ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 4 . 7 . 4 ----------------------------------------------------------------------------
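Review bot: In the Shorewall/changelog.txt hunk, the new entry "3) Fix low per-IP rate limits." is ambiguous, since it can be read as raising limits that were too low. The release note in the same patch describes the opposite problem: a low rate such as 1/hour was effectively enforced at once every 10 seconds. Suggest wording such as "Fix enforcement of low per-IP rate limits". The entry also omits the automatic hash table naming that the release note describes, which is a behaviour change beyond the fix and deserves its own mention here.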
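Review bot: In the Shorewall/releasenotes.txt hunk, item 3 leaves open points that an administrator relying on per-IP limits needs answered. The sentence "a unique hash table name is assigned to each rule that does not specify a table name in the rule" does not say whether rules that do name their table also get the rate-based table configuration, nor what happens when a user-chosen table name already has the form 'shorewallN'. Suggest stating both, and either reserving that name form or telling users to avoid it. Separately, "configures the hashlimit table based on the rate" does not say which table setting is derived from the rate; naming it would let readers check the generated rules and confirm that a limit such as 1/hour is now actually enforced.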