From 3b2101c3c78cd5224a1d2c233771778f67d2bba0 Mon Sep 17 00:00:00 2001
From: slioch
Date: Mon, 27 Jul 2009 14:05:00 -0700
Subject: fixed iptables command for when limit is applied--only for state=NEW w/o source-based-policy applied
---
 src/lbdecision.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index d7ff65b..cf77331 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -338,8 +338,8 @@ LBDecision::run(LBData &lb_data)
 else {
 if (iter->second._limit) {
 //fill in limit statement here
- execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
- execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
 }
 else {
 execute(string("iptables -t mangle -A WANLOADBALANCE_PRE ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
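Review bot: The ` -m state --state NEW` match is now spelled out as a separate string literal in each of the three `execute(...)` calls visible in this hunk, and again in the hunk at -365, so the limit and non-limit branches can drift apart again the same way they did before this fix. Building the shared tail once and appending it in both branches would remove that risk, for example `const string match_tail = string(" -m state --state NEW -m statistic --mode random --probability ") + fbuf + " -j ISP_" + dbuf;`. `LBDecision::run` starts and ends outside the hunk, so the declarations of `fbuf` and `dbuf` are not visible and the exact type of the helper variable may need adjusting.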
@@ -365,8 +365,8 @@ LBDecision::run(LBData &lb_data)
 else {
 if (iter->second._limit) {
 //fill in limit statement here
- execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -j ISP_" + dbuf, stdout);
- execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A WANLOADBALANCE_PRE_LIMIT_") + rule_str + " -m state --state NEW -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A WANLOADBALANCE_OUT_LIMIT_") + rule_str + " -m state --state NEW -j ISP_" + dbuf, stdout);
 }
 else {
 execute(string("iptables -t mangle -A WANLOADBALANCE_PRE ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
-- cgit v1.2.3
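Review bot: `rule_str` and `dbuf` are concatenated into the iptables command text without quoting or validation in both new `execute(...)` lines, and nothing in the hunk checks whether either call succeeded. Where these values are set and how `execute` runs the string are outside this page; if it goes through a shell, a value containing whitespace or shell metacharacters would change the command, so it is worth confirming they are restricted to a safe character set before this point. A comment on the limit branch would record that assumption: `// rule_str and dbuf are pasted into the command unquoted; both must be validated where they are set`. If `execute` reports a status, it should be checked after the `WANLOADBALANCE_PRE_LIMIT_` call, because a failure between the two appends leaves the PRE and OUT limit chains inconsistent.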