extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 23:53:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use global log rate limiting, if any, for synflood logging

Browse Source
This commit is contained in:
Tom Eastep 2010-07-26 14:58:38 -07:00
parent 8f27a2461d
commit f1a8da61bc
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Shorewall/Perl/Shorewall/Policy.pm
View File

@ -34,7 +34,7 @@ use strict;
our @ISA = qw(Exporter);
our @EXPORT = qw( validate_policy apply_policy_rules complete_standard_chain setup_syn_flood_chains save_policies optimize_policy_chains);
our @EXPORT_OK = qw( );
our $VERSION = '4.4_11';
our $VERSION = '4.4_12';
# @policy_chains is a list of references to policy chains in the filter table
@ -496,7 +496,14 @@ sub setup_syn_flood_chains() {
my $level = $chainref->{loglevel};
my $synchainref = new_chain 'filter' , syn_flood_chain $chainref;
add_rule $synchainref , "${limit}-j RETURN";
log_rule_limit $level , $synchainref , $chainref->{name} , 'DROP', '-m limit --limit 5/min --limit-burst 5 ' , '' , 'add' , ''
log_rule_limit( $level ,
$synchainref ,
$chainref->{name} ,
'DROP',
$globals{LOGLIMIT} || '-m limit --limit 5/min --limit-burst 5 ' ,
'' ,
'add' ,
'' )
if $level ne '';
add_rule $synchainref, '-j DROP';
}