holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

First part of 'hashlimit' implemenation

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9826 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-04-07 03:23:01 +00:00
parent b1e9453c62
commit c545e65cea
1 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1530,8 +1530,27 @@ sub do_ratelimit( $$ ) {
return '' unless $rate and $rate ne '-';
fatal_error "Rate Limiting not available with $action" if $norate{$action};
#
# "-m hashlimit" match for the passed LIMIT/BURST
#
if ( $rate =~ /^[sd]:{1,2}/ ) {
my $limit = "-m hashlimit ";
if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
$limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall';
$limit .= ' --hashlimit-mode ';
if ( $rate =~ /^s:/ ) { $limit .= "srcip "; } else { $limit .= "dstip "; }
} elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) {
$limit .= "--hashlimit $3 --hashlimit-name ";
$limit .= $2 ? $2 : 'shorewall';
$limit .= ' --hashlimit-mode ';
if ( $rate =~ /^s:/ ) { $limit .= "srcip "; } else { $limit .= "dstip "; }
} else {
fatal_error "Invalid rate ($rate)";
}
if ( $rate =~ /^(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
$limit;
} elsif ( $rate =~ /^(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
"-m limit --limit $1 --limit-burst $4 ";
} elsif ( $rate =~ /^(\d+)(\/(sec|min|hour|day))?$/ ) {
"-m limit --limit $rate ";