holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Require the Hashlimit Match capability for per-IP rate limiting

Browse Source 
Use the current key words in the generated hashlimit match

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9828 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-04-07 17:36:23 +00:00
parent cd1f5d3c83
commit 36e0c85f5f
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1534,14 +1534,16 @@ sub do_ratelimit( $$ ) {
# "-m hashlimit" match for the passed LIMIT/BURST
#
if ( $rate =~ /^[sd]:{1,2}/ ) {
require_capability 'HASHLIMIT_MATCH', 'Per-ip rate limiting' , 's';
my $limit = "-m hashlimit ";
if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
$limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name ";
$limit .= "--hashlimit-upto $3 --hashlimit-burst $6 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall';
$limit .= ' --hashlimit-mode ';
if ( $rate =~ /^s:/ ) { $limit .= "srcip "; } else { $limit .= "dstip "; }
} elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) {
$limit .= "--hashlimit $3 --hashlimit-name ";
$limit .= "--hashlimit-upto $3 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall';
$limit .= ' --hashlimit-mode ';
if ( $rate =~ /^s:/ ) { $limit .= "srcip "; } else { $limit .= "dstip "; }