summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorslioch <slioch@eng-140.vyatta.com>2009-07-27 14:05:00 -0700
committerslioch <slioch@eng-140.vyatta.com>2009-07-27 14:05:00 -0700
commit3b2101c3c78cd5224a1d2c233771778f67d2bba0 (patch)
treed983b8d7ad22dd27182e06f424fcd50ae33565c1 /src
parent96641370e0e1bccbe9197ea486db30c3019b2c3a (diff)
downloadvyatta-wanloadbalance-3b2101c3c78cd5224a1d2c233771778f67d2bba0.tar.gz
vyatta-wanloadbalance-3b2101c3c78cd5224a1d2c233771778f67d2bba0.zip
fixed iptables command for when limit is applied--only for state=NEW w/o source-based-policy applied
Diffstat (limited to 'src')
-rw-r--r--src/lbdecision.cc8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index d7ff65b..cf77331 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -338,8 +338,8 @@ LBDecision::run(LBData &lb_data)
else {
if (iter->second._limit) {
//fill in limit statement here
- execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
- execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
}
else {
execute(string("iptables -t mangle -A WANLOADBALANCE_PRE ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
@@ -365,8 +365,8 @@ LBDecision::run(LBData &lb_data)
else {
if (iter->second._limit) {
//fill in limit statement here
- execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -j ISP_" + dbuf, stdout);
- execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -m state --state NEW -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -m state --state NEW -j ISP_" + dbuf, stdout);
}
else {
execute(string("iptables -t mangle -A WANLOADBALANCE_PRE ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 09:39:33 +0000