extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-16 11:20:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Correct/improve LOGLIMIT handling

Browse Source
This commit is contained in:
Tom Eastep 2010-07-29 16:50:17 -07:00
parent d483725474
commit e598dc77b7
1 changed files with 38 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Shorewall/Perl/Shorewall/Config.pm
View File

@ -2850,18 +2850,26 @@ sub get_configuration( $ ) {
$globals{STATEMATCH} = '-m conntrack --ctstate' if have_capability 'CONNTRACK_MATCH'; $globals{STATEMATCH} = '-m conntrack --ctstate' if have_capability 'CONNTRACK_MATCH';
if ( my $rate = $config{LOGLIMIT} ) { if ( my $rate = $config{LOGLIMIT} ) {
my $limit;
if ( $rate =~ /^[sd]:/ ) {
require_capability 'HASHLIMIT_MATCH', 'Per-ip log rate limiting' , 's'; require_capability 'HASHLIMIT_MATCH', 'Per-ip log rate limiting' , 's';
my $limit = "-m hashlimit "; $limit = "-m hashlimit ";
my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto'; my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto';
my $units; my $units;
if ( $rate =~ /^[sd]:(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) { if ( $rate =~ /^[sd]:((\d+)(\/(sec|min|hour|day))):(\d+)$/ ) {
$limit .= "--hashlimit $1 --hashlimit-burst $4 --hashlimit-name lograte --hashlimit-mode "; fatal_error "Invalid rate ($1)" unless $2;
$units = $3; fatal_error "Invalid burst value ($5)" unless $5;
} elsif ( $rate =~ /^[sd]:(\d+(\/(sec|min|hour|day))?)$/ ) {
$limit .= "--hashlimit $1 --hashlimit-burst $5 --hashlimit-name lograte --hashlimit-mode ";
$units = $4;
} elsif ( $rate =~ /^[sd]:((\d+)(\/(sec|min|hour|day))?)$/ ) {
fatal_error "Invalid rate ($1)" unless $2;
$limit .= "--$match $1 --hashlimit-name lograte --hashlimit-mode "; $limit .= "--$match $1 --hashlimit-name lograte --hashlimit-mode ";
$units = $3; $units = $4;
} else { } else {
fatal_error "Invalid rate ($rate)"; fatal_error "Invalid rate ($rate)";
} }
@ -2878,6 +2886,16 @@ sub get_configuration( $ ) {
$limit .= "--hashlimit-htable-expire $expire "; $limit .= "--hashlimit-htable-expire $expire ";
} }
} elsif ( $rate =~ /^((\d+)(\/(sec|min|hour|day))):(\d+)$/ ) {
fatal_error "Invalid rate ($1)" unless $2;
fatal_error "Invalid burst value ($5)" unless $5;
$limit = "-m limit --limit $1 --limit-burst $5 ";
} elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ ) {
fatal_error "Invalid rate (${1}${2})" unless $1;
$limit = "-m limit --limit $rate ";
} else {
fatal_error "Invalid rate ($rate)";
}
$globals{LOGLIMIT} = $limit; $globals{LOGLIMIT} = $limit;