Add rate-limiting example to rules manpages

Tom Eastep 2011-02-03 13:26:41 -08:00
parent 475b811171
commit ac13be4ed4
3 changed files with 30 additions and 2 deletions

View File

@ -1056,7 +1056,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules</programlisting></para>
<para>For optional interfaces, if the interface is not usable at the time
that the firewall starts the all-zero address will be used (0.0.0.0 in
IPv4 and :: in IPv6), resulting in no packets matching the rule. </para>
IPv4 and :: in IPv6), resulting in no packets matching the rule.</para>
</section>
<section id="Embedded">
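Review bot: the only change in this hunk is the trailing space dropped before </para> after "matching the rule.", which is unrelated to the rate-limiting example named in the commit subject. Either move this whitespace cleanup to its own commit or mention it in the commit message, so the history for this file shows why it was touched.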

View File

@ -1381,7 +1381,22 @@
<para>Add the tupple (source IP, dest port, dest IP) of an incoming
SSH connection to the ipset S:</para>
<programlisting> ADD(+S:dst,src,dst) net fw tcp 22</programlisting>
<programlisting> #ACTION SOURCE DEST PROTO DEST
# PORT(S)
ADD(+S:dst,src,dst) net fw tcp 22</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term>Example 11:</term>
<listitem>
<para>You wish to limit SSH connections from remote sysstems to
1/min with a burst of three (to allow for limited retry):</para>
<programlisting> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
# PORT(S) PORT(S) DEST LIMIT
SSH(ACCEPT) net all - - - - s:1/min:3</programlisting>
</listitem>
</varlistentry>
</variablelist>
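Review bot: the new Example 11 paragraph misspells "systems" as "sysstems", and it never says what the leading "s:" in the RATE LIMIT value s:1/min:3 means, so a reader cannot tell from the example whether the 1/min limit with burst 3 is shared by all remote systems or applied to each one separately. Add a sentence explaining the prefix next to the example. The unchanged paragraph above Example 10's listing also spells "tuple" as "tupple", which could be corrected while this list is being edited.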

View File

@ -1103,6 +1103,19 @@
$FW tcp 22</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term>Example 5:</term>
<listitem>
<para>You wish to limit SSH connections from remote sysstems to
1/min with a burst of three (to allow for limited retry):</para>
<programlisting> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
# PORT(S) PORT(S) DEST LIMIT
SSH(ACCEPT) net all - - - - s:1/min:3</programlisting>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
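Review bot: Example 5 carries the same "sysstems" typo as the Example 11 text added in the previous file, so fix both copies together. The rule also uses "all" in the DEST column, while the preceding example's visible context line ends in "$FW tcp 22" and the prose mentions only connections "from remote systems". State in the paragraph that the limit applies to SSH connections to any destination, or narrow DEST if only connections to the firewall were intended.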