diff options
| author | slioch <slioch@eng-140.vyatta.com> | 2009-07-27 14:05:00 -0700 |
|---|---|---|
| committer | slioch <slioch@eng-140.vyatta.com> | 2009-07-27 14:05:00 -0700 |
| commit | 3b2101c3c78cd5224a1d2c233771778f67d2bba0 (patch) | |
| tree | d983b8d7ad22dd27182e06f424fcd50ae33565c1 /src/lbdecision.cc | |
| parent | 96641370e0e1bccbe9197ea486db30c3019b2c3a (diff) | |
| download | vyatta-wanloadbalance-3b2101c3c78cd5224a1d2c233771778f67d2bba0.tar.gz vyatta-wanloadbalance-3b2101c3c78cd5224a1d2c233771778f67d2bba0.zip | |
fixed iptables command for when limit is applied--only for state=NEW w/o source-based-policy applied
Diffstat (limited to 'src/lbdecision.cc')
| -rw-r--r-- | src/lbdecision.cc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lbdecision.cc b/src/lbdecision.cc index d7ff65b..cf77331 100644 --- a/src/lbdecision.cc +++ b/src/lbdecision.cc @@ -338,8 +338,8 @@ LBDecision::run(LBData &lb_data) else { if (iter->second._limit) { //fill in limit statement here - execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout); - execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout); + execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout); + execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout); } else { execute(string("iptables -t mangle -A WANLOADBALANCE_PRE ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout); @@ -365,8 +365,8 @@ LBDecision::run(LBData &lb_data) else { if (iter->second._limit) { //fill in limit statement here - execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -j ISP_" + dbuf, stdout); - execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -j ISP_" + dbuf, stdout); + execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -m state --state NEW -j ISP_" + dbuf, stdout); + execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -m state --state NEW -j ISP_" + dbuf, stdout); } else { execute(string("iptables -t mangle -A WANLOADBALANCE_PRE ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout); |