#
# Shorewall version 3.2 -- Extension Script to create Limit action.
#
# /usr/share/shorewall/Limit
##############################################################################

set -- $(separate_list $TAG)

[ $# -eq 3 ] || fatal_error "Rule must include <set name>,<max connections>,<interval> as the log tag"

run_iptables -A $CHAIN -m recent --name $1 --set

if [ -n "$LEVEL" ]; then
    run_iptables -N $CHAIN%
    log_rule_limit $LEVEL $CHAIN% $1 DROP "" "" -A
    run_iptables -A $CHAIN% -j DROP
    run_iptables -A $CHAIN -m recent --name $1 --update --seconds $3 --hitcount $(( $2 + 1 )) -j $CHAIN%
else
    run_iptables -A $CHAIN -m recent --update --name $1 --seconds $3 --hitcount $(( $2 + 1 )) -j DROP
fi

run_iptables -A $CHAIN -j ACCEPT