Add rate-limiting example to rules manpages

2024-11-23 08:03:11 +01:00 · 2011-02-03 13:26:41 -08:00 · 2011-02-03 13:26:41 -08:00 · ac13be4ed4
commit ac13be4ed4
parent 475b811171
3 changed files with 30 additions and 2 deletions
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@ -1056,7 +1056,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules</programlisting></para>

    <para>For optional interfaces, if the interface is not usable at the time
    that the firewall starts the all-zero address will be used (0.0.0.0 in
-    IPv4 and :: in IPv6), resulting in no packets matching the rule. </para>
+    IPv4 and :: in IPv6), resulting in no packets matching the rule.</para>
  </section>

  <section id="Embedded">
--- a/manpages/shorewall-rules.xml
+++ b/manpages/shorewall-rules.xml
@ -1381,7 +1381,22 @@
          <para>Add the tupple (source IP, dest port, dest IP) of an incoming
          SSH connection to the ipset S:</para>

-          <programlisting>        ADD(+S:dst,src,dst)           net              fw             tcp         22</programlisting>
+          <programlisting>        #ACTION                       SOURCE           DEST           PROTO       DEST
+        #                                                             PORT(S)        
+        ADD(+S:dst,src,dst)           net              fw             tcp         22</programlisting>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>Example 11:</term>
+
+        <listitem>
+          <para>You wish to limit SSH connections from remote sysstems to
+          1/min with a burst of three (to allow for limited retry):</para>
+
+          <programlisting>        #ACTION     SOURCE          DEST       PROTO       DEST         SOURCE    ORIGINAL         RATE
+        #                                                  PORT(S)      PORT(S)   DEST             LIMIT
+        SSH(ACCEPT) net             all        -           -            -         -                s:1/min:3</programlisting>
        </listitem>
      </varlistentry>
    </variablelist>
--- a/manpages6/shorewall6-rules.xml
+++ b/manpages6/shorewall6-rules.xml
@ -1103,6 +1103,19 @@
                        $FW              tcp     22</programlisting>
        </listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term>Example 5:</term>
+
+        <listitem>
+          <para>You wish to limit SSH connections from remote sysstems to
+          1/min with a burst of three (to allow for limited retry):</para>
+
+          <programlisting>        #ACTION     SOURCE          DEST       PROTO       DEST         SOURCE    ORIGINAL         RATE
+        #                                                  PORT(S)      PORT(S)   DEST             LIMIT
+        SSH(ACCEPT) net             all        -           -            -         -                s:1/min:3</programlisting>
+        </listitem>
+      </varlistentry>
    </variablelist>
  </refsect1>