author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-01-16 15:55:34 -0800 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-01-16 15:55:34 -0800 |
commit | 6ca976097131941c0e6d70c5cd54330cb6dbdd75 (patch) | |
tree | 7b8c0026e2aef9906bc1649eeae6abdbea69c86c /lib/Vyatta/IpTables/Rule.pm | |
parent | cc811731ba98e6b5f76cfea66960c2c8e2943532 (diff) | |
- Fix Bug 2223 Add rate limiting / burst limiting functions to the Vyatta firewall
- Fix help strings for time-based firewall nodes
Diffstat (limited to 'lib/Vyatta/IpTables/Rule.pm')
-rw-r--r-- | lib/Vyatta/IpTables/Rule.pm | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm index 23755a6..fb1574b 100644 --- a/lib/Vyatta/IpTables/Rule.pm +++ b/lib/Vyatta/IpTables/Rule.pm @@ -46,6 +46,10 @@ my %fields = ( _weekdays => undef, _utc => undef, }, + _limit => { + _rate => undef, + _burst => undef, + }, _disable => undef, ); @@ -88,6 +92,10 @@ my %dummy_rule = ( _weekdays => undef, _utc => undef, }, + _limit => { + _rate => undef, + _burst => undef, + }, _disable => undef, ); @@ -154,6 +162,9 @@ sub setup { $self->{_time}->{_weekdays} = $config->returnValue("time weekdays"); $self->{_time}->{_utc} = $config->exists("time utc"); + $self->{_limit}->{_rate} = $config->returnValue("limit rate"); + $self->{_limit}->{_burst} = $config->returnValue("limit burst"); + $self->{_disable} = $config->exists("disable"); # TODO: need $config->exists("$level source") in Vyatta::Config.pm @@ -209,6 +220,9 @@ sub setupOrig { $self->{_time}->{_weekdays} = $config->returnOrigValue("time weekdays"); $self->{_time}->{_utc} = $config->existsOrig("time utc"); + $self->{_limit}->{_rate} = $config->returnOrigValue("limit rate"); + $self->{_limit}->{_burst} = $config->returnOrigValue("limit burst"); + $self->{_disable} = $config->existsOrig("disable"); # TODO: need $config->exists("$level source") in Vyatta::Config.pm @@ -441,6 +455,17 @@ first character capitalized eg. Mon,Thu,Sat For negation, add ! in front eg. !Mo $rule .= " -m time $time "; } + my $limit = undef; + if (defined($self->{_limit}->{_burst})) { + return ("Limit rate not defined", ) if (!defined($self->{_limit}->{_rate})); + $limit = "--limit $self->{_limit}->{_rate} --limit-burst $self->{_limit}->{_burst}"; + } elsif (defined($self->{_limit}->{_rate})) { + $limit = "--limit $self->{_limit}->{_rate} --limit-burst 1"; + } + if (defined($limit)) { + $rule .= " -m limit $limit "; + } + my $chain = $self->{_name}; my $rule_num = $self->{_rule_number}; my $rule2 = undef; |
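Review bot: In the last hunk (the `-m limit` block) the configured rate and burst are interpolated into the rule string as-is, with no format check at the point where the rule is built. Both values come straight from `returnValue`/`returnOrigValue` in the setup and setupOrig hunks, so unless the config template already restricts them (not visible here), whitespace or extra option text in either value would change the generated iptables arguments. I would validate before building `$limit`, e.g. `return ("Invalid limit rate", ) if ($self->{_limit}->{_rate} !~ m{\A\d+/(?:second|minute|hour|day)\z});` once the rate is known to be defined, and `return ("Invalid limit burst", ) if ($self->{_limit}->{_burst} !~ /\A\d+\z/);` inside the burst branch, adjusting the rate pattern to whatever units the CLI accepts. A comment on the `--limit-burst 1` fallback would also help, since iptables itself defaults to a burst of 5 when the option is omitted. The enclosing sub starts and ends outside the hunk.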