firewall: fix rules.pl for old rules without ratelimiting.

Michael Tremer
2014-10-04 13:52:15 +02:00
committed by Arne Fitzenreiter
parent 243f8ca6e9
commit 791c2b45d8


@@ -131,6 +131,12 @@ sub print_rule {
print "\n";
}
sub count_elements {
my $hash = shift;
return scalar @$hash;
}
sub flush {
run("$IPTABLES -F $CHAIN_INPUT");
run("$IPTABLES -F $CHAIN_FORWARD");
@@ -186,6 +192,9 @@ sub buildrules {
# Skip disabled rules.
next unless ($$hash{$key}[2] eq 'ON');
# Count number of elements in this line
my $elements = &count_elements($$hash{$key});
if ($DEBUG) {
print_rule($$hash{$key});
}
@@ -270,7 +279,8 @@ sub buildrules {
# Concurrent connection limit
my @ratelimit_options = ();
if ($$hash{$key}[32] eq 'ON') {
if (($elements gt 34) && ($$hash{$key}[32] eq 'ON')) {
my $conn_limit = $$hash{$key}[33];
if ($conn_limit ge 1) {
@@ -286,7 +296,7 @@ sub buildrules {
}
# Ratelimit
if ($$hash{$key}[34] eq 'ON') {
if (($elements gt 37) && ($$hash{$key}[34] eq 'ON')) {
my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
if ($rate_limit) {
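Review bot: The two new guards in buildrules, `($elements gt 34)` and `($elements gt 37)`, compare the element count with `gt`, which is Perl's string comparison, so the result follows lexical order: a count of `5` sorts above `34` and a count of `100` sorts below it. When a guard is wrongly false, the rule is emitted without its connection limit or ratelimit and nothing reports the omission, so these should be numeric: `if (($elements > 34) && ($$hash{$key}[32] eq 'ON')) {` and `if (($elements > 37) && ($$hash{$key}[34] eq 'ON')) {`. The thresholds also look one stricter than the indices read (33 needs 34 elements, 36 needs 37), so a rule of exactly that length would skip its limit; `>= 34` and `>= 37` may be what is intended, to be confirmed against the stored rule format. The context line `$conn_limit ge 1` uses the same string operator and could become `>= 1` in the same pass. The page has lost its `+`/`-` markers, so which of the paired `if` lines is new is inferred from print order, and buildrules continues outside the hunks shown.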