From ea8a6c837ff1fcb09fe9e0c784d39f77f3076fe2 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 17 Feb 2010 15:41:12 -0800 Subject: [PATCH] Document per-IP rate change Signed-off-by: Tom Eastep --- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index cadf42118..7539c6258 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -6,6 +6,8 @@ Changes in Shorewall 4.4.8 3) Avoid duplicate SFQ class numbers. +4) Fix low per-IP rate limits. + Changes in Shorewall 4.4.7 1) Backport optimization changes from 4.5. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index c53b7ea75..894ca9b73 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -206,6 +206,15 @@ Shorewall 4.4.8 1500 limit 127 perturb 10" Failed Processing /etc/shorewall/stop ... +4) Previously, when per-IP rate limiting was specified with a low rate + (such as 1/hour), the effective rate was much higher (once every 10 + seconds). The Shorewall compiler now configures the hashlimit table + based on the rate such that the rate is more accurately enforced. + + As part of this change, a unique hash table name is assigned to + each rule that does not specify a table name in the rule. The + assigned names are of the form 'shorewallN' where N is an integer. + ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G ----------------------------------------------------------------------------
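Review bot: In the Shorewall/changelog.txt hunk, entry 4 ("Fix low per-IP rate limits.") leaves out the hash table naming that the release note in this same patch describes as part of the change. A reader scanning only the changelog would not learn that rules without a table name now get an assigned one. Consider wording such as "Fix low per-IP rate limits; assign unique hash table names to rules that omit one."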
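Review bot: In the Shorewall/releasenotes.txt hunk, the second paragraph of item 4 leaves two cases undocumented. It says names of the form 'shorewallN' are assigned to each rule that does not specify a table name, but not what happens if a user-specified table name already has that form, and not whether rules that do name their table also get the rate-based hashlimit table configuration described in the first paragraph. A sentence covering each case would tell administrators with existing named tables whether their low-rate rules are now enforced accurately. The first paragraph could also say which hashlimit table setting is now derived from the rate, since "configures the hashlimit table based on the rate" does not let a reader check the generated rules.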