On Tue, 2009-04-07 at 09:12 -0700, Tom Eastep wrote:
> 7) Thanks to I. Buijs, it is now possible to rate-limit connections by
> source IP or destination IP. The LIMIT:BURST column in
> /etc/shorewall/policy (/etc/shorewall6/policy) and the RATE LIMIT
> column /etc/shorewall/rules (/etc/shorewall6/rules) have been
> extended as follows:
>
> [{s|d}:[[<name>]:]]<rate>/{sec|min}[:<burst>]
>
> When s: is specified, the rate is per source IP address.
> ACCEPT net fw tcp 22 - - s:ssh:3/min
>
> This will limit SSH connections from net->fw to 3 per minute.
Sweet! So this effectively supersedes the Limit [1] action?
I assume it also uses the recent match -- does it actually generate the
same iptables rules?
Karsten
[1] http://shorewall.net/Actions.html#Limit
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
