From ac13be4ed4b44e0c2374d5cb0205219146f9d697 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 3 Feb 2011 13:26:41 -0800
Subject: [PATCH] Add rate-limiting example to rules manpages

---
 docs/configuration_file_basics.xml |  2 +-
 manpages/shorewall-rules.xml       | 17 ++++++++++++++++-
 manpages6/shorewall6-rules.xml     | 13 +++++++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index 4f6f33352..2cfa9c753 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -1056,7 +1056,7 @@ SHELL cat /etc/shorewall/rules.d/*.rules</programlisting></para>
 
     <para>For optional interfaces, if the interface is not usable at the time
     that the firewall starts the all-zero address will be used (0.0.0.0 in
-    IPv4 and :: in IPv6), resulting in no packets matching the rule. </para>
+    IPv4 and :: in IPv6), resulting in no packets matching the rule.</para>
   </section>
 
   <section id="Embedded">
diff --git a/manpages/shorewall-rules.xml b/manpages/shorewall-rules.xml
index da58d4f49..500359b6d 100644
--- a/manpages/shorewall-rules.xml
+++ b/manpages/shorewall-rules.xml
@@ -1381,7 +1381,22 @@
           <para>Add the tupple (source IP, dest port, dest IP) of an incoming
           SSH connection to the ipset S:</para>
 
-          <programlisting>        ADD(+S:dst,src,dst)           net              fw             tcp         22</programlisting>
+          <programlisting>        #ACTION                       SOURCE           DEST           PROTO       DEST
+        #                                                             PORT(S)        
+        ADD(+S:dst,src,dst)           net              fw             tcp         22</programlisting>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>Example 11:</term>
+
+        <listitem>
+          <para>You wish to limit SSH connections from remote sysstems to
+          1/min with a burst of three (to allow for limited retry):</para>
+
+          <programlisting>        #ACTION     SOURCE          DEST       PROTO       DEST         SOURCE    ORIGINAL         RATE
+        #                                                  PORT(S)      PORT(S)   DEST             LIMIT
+        SSH(ACCEPT) net             all        -           -            -         -                s:1/min:3</programlisting>
         </listitem>
       </varlistentry>
     </variablelist>
diff --git a/manpages6/shorewall6-rules.xml b/manpages6/shorewall6-rules.xml
index 6cf001bee..9b60716d6 100644
--- a/manpages6/shorewall6-rules.xml
+++ b/manpages6/shorewall6-rules.xml
@@ -1103,6 +1103,19 @@
                         $FW              tcp     22</programlisting>
         </listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term>Example 5:</term>
+
+        <listitem>
+          <para>You wish to limit SSH connections from remote sysstems to
+          1/min with a burst of three (to allow for limited retry):</para>
+
+          <programlisting>        #ACTION     SOURCE          DEST       PROTO       DEST         SOURCE    ORIGINAL         RATE
+        #                                                  PORT(S)      PORT(S)   DEST             LIMIT
+        SSH(ACCEPT) net             all        -           -            -         -                s:1/min:3</programlisting>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>