holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Apply rate limiting in the nat table on nat+accept rules

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2018-08-23 14:07:10 -07:00
parent e5e427f278
commit 56780a5d1f
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -3137,10 +3137,10 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
if ( $actiontype & ( NATRULE | NONAT ) && ! ( $actiontype & NATONLY ) ) { if ( $actiontype & ( NATRULE | NONAT ) && ! ( $actiontype & NATONLY ) ) {
# #
# Either a DNAT, REDIRECT or ACCEPT+ rule or an Action with NAT; # Either a DNAT, REDIRECT or ACCEPT+ rule or an Action with NAT;
# don't apply rate limiting twice
# #
$rule .= join( '', $rule .= join( '',
do_proto($proto, $ports, $sports), do_proto($proto, $ports, $sports),
do_ratelimit( $ratelimit, 'ACCEPT' ),
do_user( $user ) , do_user( $user ) ,
do_test( $mark , $globals{TC_MASK} ) , do_test( $mark , $globals{TC_MASK} ) ,
do_connlimit( $connlimit ), do_connlimit( $connlimit ),
@ -3239,12 +3239,12 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
# - the destination IP will be the server IP ($dest) -- also done above # - the destination IP will be the server IP ($dest) -- also done above
# - there will be no log level (we log NAT rules in the nat table rather than in the filter table). # - there will be no log level (we log NAT rules in the nat table rather than in the filter table).
# - the target will be ACCEPT. # - the target will be ACCEPT.
# - don't apply rate limiting twice
# #
unless ( $actiontype & NATONLY ) { unless ( $actiontype & NATONLY ) {
$rule = join( '', $rule = join( '',
$matches, $matches,
do_proto( $proto, $ports, $sports ), do_proto( $proto, $ports, $sports ),
do_ratelimit( $ratelimit, 'ACCEPT' ),
do_user $user, do_user $user,
do_test( $mark , $globals{TC_MASK} ), do_test( $mark , $globals{TC_MASK} ),
do_condition( $condition , $chain ), do_condition( $condition , $chain ),