diff options
author | Bob Gilligan <gilligan@vyatta.com> | 2009-04-03 14:20:20 -0700 |
---|---|---|
committer | Bob Gilligan <gilligan@vyatta.com> | 2009-04-03 14:20:20 -0700 |
commit | 6a18584f4e272cd4ddad197a65e0337a2ba73ed9 (patch) | |
tree | e25c0d4c613b95aa45fced75088cc210369c8b3b /templates/firewall | |
parent | 9dc89a7776f8d14e110b3b6aeef9ab29712ebac8 (diff) | |
download | vyatta-cfg-firewall-6a18584f4e272cd4ddad197a65e0337a2ba73ed9.tar.gz vyatta-cfg-firewall-6a18584f4e272cd4ddad197a65e0337a2ba73ed9.zip |
Bugfix 4261: Add support to configure "limit" for IPv6 modify rulesets.
Diffstat (limited to 'templates/firewall')
3 files changed, 11 insertions, 0 deletions
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/burst/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/burst/node.def new file mode 100644 index 0000000..2739faa --- /dev/null +++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/burst/node.def @@ -0,0 +1,3 @@ +type: u32 +help: Set maximum number of packets to allow in excess of rate +syntax:expression: ($VAR(@) >0) ; "Burst should be a value greater then zero" diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/node.def new file mode 100644 index 0000000..42081fe --- /dev/null +++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/node.def @@ -0,0 +1 @@ +help: Set to match rule at a limited rate using a token bucket filter diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/rate/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/rate/node.def new file mode 100644 index 0000000..de22a6f --- /dev/null +++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/rate/node.def @@ -0,0 +1,7 @@ +type: txt +help: Set maximum average matching rate +syntax:expression: pattern $VAR(@) "^[[:digit:]]+/(second|minute|hour|day)$" ; \ +"Invalid value for rate. Rate should be specified as an integer followed by +a forward slash '/' and either of these time units - second, minute, hour or day +eg. 1/second implies rule to be matched at an average of once per second" + |