webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 03:07:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x into seventeen-geoip

Browse Source 
Conflicts:
	make.sh
This commit is contained in:
Stefan Schantl
2015-02-14 12:34:31 +01:00
parent d9bf6d8b2f 309b7de86e
commit bc9446c65f
173 changed files with 66176 additions and 3094 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
config/firewall/rules.pl
View File

@@ -284,7 +284,7 @@ sub buildrules {
# Concurrent connection limit
my @ratelimit_options = ();
if (($elements gt 34) && ($$hash{$key}[32] eq 'ON')) {
if (($elements ge 34) && ($$hash{$key}[32] eq 'ON')) {
my $conn_limit = $$hash{$key}[33];
if ($conn_limit ge 1) {
@@ -300,13 +300,13 @@ sub buildrules {
}
# Ratelimit
if (($elements gt 37) && ($$hash{$key}[34] eq 'ON')) {
if (($elements ge 37) && ($$hash{$key}[34] eq 'ON')) {
my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
if ($rate_limit) {
push(@ratelimit_options, ("-m", "limit"));
push(@ratelimit_options, ("--limit", $rate_limit));
}
if ($rate_limit) {
push(@ratelimit_options, ("-m", "limit"));
push(@ratelimit_options, ("--limit", $rate_limit));
}
}
# Check which protocols are used in this rule and so that we can
@@ -372,20 +372,12 @@ sub buildrules {
push(@source_options, ("-s", $source));
}
if ($source_intf) {
push(@source_options, ("-i", $source_intf));
}
# Prepare destination options.
my @destination_options = ();
if ($destination) {
push(@destination_options, ("-d", $destination));
}
if ($destination_intf) {
push(@destination_options, ("-o", $destination_intf));
}
# Add time constraint options.
push(@options, @time_options);
@@ -480,6 +472,17 @@ sub buildrules {
}
}
# Add source and destination interface to the filter rules.
# These are supposed to help filtering forged packets that originate
# from BLUE with an IP address from GREEN for instance.
if ($source_intf) {
push(@source_options, ("-i", $source_intf));
}
if ($destination_intf) {
push(@destination_options, ("-o", $destination_intf));
}
push(@options, @source_options);
push(@options, @destination_options);