Add --hashlimit-htable-expire if the units are minutes or larger

Tom Eastep 2010-02-16 22:54:59 -08:00
parent c3842aeeab
commit af2fb42cf8


@ -2026,20 +2026,36 @@ sub do_ratelimit( $$ ) {
my $limit = "-m hashlimit "; my $limit = "-m hashlimit ";
my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto'; my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto';
my $units;
if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) { if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
$limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name "; $limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall'; $limit .= $2 ? $2 : 'shorewall';
$limit .= ' --hashlimit-mode '; $limit .= ' --hashlimit-mode ';
$units = $5;
} elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) { } elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) {
$limit .= "--$match $3 --hashlimit-name "; $limit .= "--$match $3 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall'; $limit .= $2 ? $2 : 'shorewall';
$limit .= ' --hashlimit-mode '; $limit .= ' --hashlimit-mode ';
$units = $5;
} else { } else {
fatal_error "Invalid rate ($rate)"; fatal_error "Invalid rate ($rate)";
} }
$limit .= $rate =~ /^s:/ ? 'srcip ' : 'dstip '; $limit .= $rate =~ /^s:/ ? 'srcip ' : 'dstip ';
if ( $units && $units ne 'sec' ) {
my $expire = 60000; # I minute in milliseconds
if ( $units ne 'min' ) {
$expire *= 60; #At least an hour
$expire *= 24 if $units eq 'day';
}
$limit .= "--hashlimit-htable-expire $expire ";
}
$limit;
} elsif ( $rate =~ /^(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) { } elsif ( $rate =~ /^(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
"-m limit --limit $1 --limit-burst $4 "; "-m limit --limit $1 --limit-burst $4 ";
} elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ ) { } elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ ) {