holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Don't apply rate limiting twice in NAT rules

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-02-13 07:21:27 -08:00
parent 8224a2971e
commit 53069ebf27
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1182,13 +1182,25 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
# #
# Generate Fixed part of the rule # Generate Fixed part of the rule
# #
$rule = join( '', if ( ( $actiontype & ( NATRULE | NATONLY ) ) == NATRULE ) {
do_proto($proto, $ports, $sports), #
do_ratelimit( $ratelimit, $basictarget ) , # Don't apply rate limiting twice
do_user( $user ) , #
do_test( $mark , $globals{TC_MASK} ) , $rule = join( '',
do_connlimit( $connlimit ), do_proto($proto, $ports, $sports),
do_time( $time ) ); do_user( $user ) ,
do_test( $mark , $globals{TC_MASK} ) ,
do_connlimit( $connlimit ),
do_time( $time ) );
} else {
$rule = join( '',
do_proto($proto, $ports, $sports),
do_ratelimit( $ratelimit, $basictarget ) ,
do_user( $user ) ,
do_test( $mark , $globals{TC_MASK} ) ,
do_connlimit( $connlimit ),
do_time( $time ) );
}
unless ( $section eq 'NEW' ) { unless ( $section eq 'NEW' ) {
fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT}; fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT};