extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-16 19:30:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Generate fatal_error if iptables-restore fails; Fix Limit rule generation

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5611 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-21 17:54:17 +00:00
parent 8d0d75bab2
commit 75c89dda93
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
New/Shorewall/Actions.pm
View File

@ -589,19 +589,20 @@ sub process_actions3 () {
my @tag = split /,/, $tag;
my $count = $tag[1] + 1;
fatal_error 'Limit rules must include <set name>,<max connections>,<interval> as the log tag' unless @tag == 3;
add_rule $chainref, '-m recent --name $tag[0] --set';
my $set = $tag[0];
my $count = $tag[1] + 1;
add_rule $chainref, "-m recent --name $set --set";
if ( $level ) {
my $xchainref = new_chain 'filter' , "$chainref->{name}%";
log_rule_limit $level, $xchainref, $tag[0], 'DROP', '', '', 'add', '';
add_rule $xchainref, '-j DROP';
add_rule $chainref, "-m recent --name $tag[0] --update --seconds $tag[2] --hitcount $count -j $chainref->{name}%";
add_rule $chainref, "-m recent --name $set --update --seconds $tag[2] --hitcount $count -j $chainref->{name}%";
} else {
add_rule $chainref, "-m recent --update --name $tag[0] --seconds $tag[2] --hitcount $count -j DROP";
add_rule $chainref, "-m recent --update --name $set --seconds $tag[2] --hitcount $count -j DROP";
}
add_rule $chainref, '-j ACCEPT';

5
New/Shorewall/Chains.pm
View File

@ -1254,6 +1254,11 @@ sub create_netfilter_load() {
}
emit '__EOF__';
emit 'if [ $? != 0 ]; then';
emit ' fatal_error "iptables-restore Failed"';
emit "fi\n";
emit "}\n";
}