Revert LOGLIMIT conversion change

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-07-22 07:53:30 -07:00
parent 2adf2883d5
commit bfd63dcace


@ -3406,12 +3406,12 @@ sub get_configuration( $$$ ) {
$globals{STATEMATCH} = '-m conntrack --ctstate' if have_capability 'CONNTRACK_MATCH'; $globals{STATEMATCH} = '-m conntrack --ctstate' if have_capability 'CONNTRACK_MATCH';
if ( my $rate = $config{LOGLIMIT} ) { if ( my $rate = $config{LOGLIMIT} ) {
my ( $option, $limit ); my $limit;
if ( $rate =~ /^[sd]:/ ) { if ( $rate =~ /^[sd]:/ ) {
require_capability 'HASHLIMIT_MATCH', 'Per-ip log rate limiting' , 's'; require_capability 'HASHLIMIT_MATCH', 'Per-ip log rate limiting' , 's';
$option = 'hashlimit'; $limit = "-m hashlimit ";
my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto'; my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto';
my $units; my $units;
@ -3420,11 +3420,11 @@ sub get_configuration( $$$ ) {
fatal_error "Invalid rate ($1)" unless $2; fatal_error "Invalid rate ($1)" unless $2;
fatal_error "Invalid burst value ($5)" unless $5; fatal_error "Invalid burst value ($5)" unless $5;
$limit = "--$match $1 --hashlimit-burst $5 --hashlimit-name lograte --hashlimit-mode "; $limit .= "--$match $1 --hashlimit-burst $5 --hashlimit-name lograte --hashlimit-mode ";
$units = $4; $units = $4;
} elsif ( $rate =~ /^[sd]:((\d+)(\/(sec|min|hour|day))?)$/ ) { } elsif ( $rate =~ /^[sd]:((\d+)(\/(sec|min|hour|day))?)$/ ) {
fatal_error "Invalid rate ($1)" unless $2; fatal_error "Invalid rate ($1)" unless $2;
$limit = "--$match $1 --hashlimit-name lograte --hashlimit-mode "; $limit .= "--$match $1 --hashlimit-name lograte --hashlimit-mode ";
$units = $4; $units = $4;
} else { } else {
fatal_error "Invalid rate ($rate)"; fatal_error "Invalid rate ($rate)";
@ -3442,22 +3442,18 @@ sub get_configuration( $$$ ) {
$limit .= "--hashlimit-htable-expire $expire "; $limit .= "--hashlimit-htable-expire $expire ";
} }
} else { } elsif ( $rate =~ /^((\d+)(\/(sec|min|hour|day))):(\d+)$/ ) {
$option = 'limit';
if ( $rate =~ /^((\d+)(\/(sec|min|hour|day))):(\d+)$/ ) {
fatal_error "Invalid rate ($1)" unless $2; fatal_error "Invalid rate ($1)" unless $2;
fatal_error "Invalid burst value ($5)" unless $5; fatal_error "Invalid burst value ($5)" unless $5;
$limit = "--limit $1 --limit-burst $5"; $limit = "-m limit --limit $1 --limit-burst $5 ";
} elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ ) { } elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ ) {
fatal_error "Invalid rate (${1}${2})" unless $1; fatal_error "Invalid rate (${1}${2})" unless $1;
$limit = "--limit $rate"; $limit = "-m limit --limit $rate ";
} else { } else {
fatal_error "Invalid rate ($rate)"; fatal_error "Invalid rate ($rate)";
} }
}
$globals{LOGLIMIT} = [ $option => $limit ]; $globals{LOGLIMIT} = $limit;
warning_message "LOGRATE Ignored when LOGLIMIT is specified" if $config{LOGRATE}; warning_message "LOGRATE Ignored when LOGLIMIT is specified" if $config{LOGRATE};
warning_message "LOGBURST Ignored when LOGLIMIT is specified" if $config{LOGBURST}; warning_message "LOGBURST Ignored when LOGLIMIT is specified" if $config{LOGBURST};
@ -3471,12 +3467,11 @@ sub get_configuration( $$$ ) {
fatal_error"Invalid LOGBURST ($config{LOGBURST})" unless $config{LOGBURST} =~ /^\d+$/; fatal_error"Invalid LOGBURST ($config{LOGBURST})" unless $config{LOGBURST} =~ /^\d+$/;
} }
my $limit = "--limit $config{LOGRATE} " if supplied $config{LOGRATE}; $globals{LOGLIMIT} = '-m limit ';
$limit .= "--limit-burst $config{LOGBURST} " if supplied $config{LOGBURST}; $globals{LOGLIMIT} .= "--limit $config{LOGRATE} " if supplied $config{LOGRATE};
$globals{LOGLIMIT} .= "--limit-burst $config{LOGBURST} " if supplied $config{LOGBURST};
$globals{LOGLIMIT} = [ limit => $limit ];
} else { } else {
$globals{LOGLIMIT} = []; $globals{LOGLIMIT} = '';
} }
check_trivalue ( 'IP_FORWARDING', 'on' ); check_trivalue ( 'IP_FORWARDING', 'on' );
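Review bot: The zero-value guards beside the rewritten `-m limit` strings in the third hunk test string truth (`unless $1`, `unless $2`, `unless $5`), so only the literal `0` is rejected, and a rate such as `00/sec` or a burst of `00` is accepted and copied into `$globals{LOGLIMIT}`. LOGLIMIT is the log rate limit, so a bad value should fail at compile time rather than, presumably, only when the generated rule is loaded; a numeric test such as `fatal_error "Invalid rate (${1}${2})" unless $1 > 0;` closes that. The same guards sit in the hashlimit branch of the second hunk. It would also help to put a comment at the final assignment, for example `# LOGLIMIT is a ready-to-append match string with a trailing space, or ''`, because the value changes from an array reference to a string and its consumers are not visible on this page. get_configuration starts and ends outside these hunks.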