Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
alpine
awall
Commits
cdd8944b
Commit
cdd8944b
authored
Sep 30, 2017
by
Kaarle Ritvanen
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
test: update-limit
parent
46794855
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
112 additions
and
20 deletions
+112
-20
test/mandatory/filter-limit.lua
test/mandatory/filter-limit.lua
+8
-0
test/output/dump
test/output/dump
+80
-20
test/output/rules-save
test/output/rules-save
+12
-0
test/output/rules6-save
test/output/rules6-save
+12
-0
No files found.
test/mandatory/filter-limit.lua
View file @
cdd8944b
...
...
@@ -33,4 +33,12 @@ add('conn')
add
(
'flow'
)
add
(
'flow'
,
{[
'in'
]
=
'A'
,
out
=
'_fw'
,
[
'no-track'
]
=
true
})
for
_
,
measure
in
ipairs
{
'conn'
,
'flow'
}
do
for
_
,
addr
in
ipairs
{
'src'
,
'dest'
}
do
table.insert
(
res
,
{[
'update-limit'
]
=
{
name
=
'foo'
,
measure
=
measure
,
addr
=
addr
}}
)
end
end
print
(
json
.
encode
{
filter
=
res
})
test/output/dump
View file @
cdd8944b
...
...
@@ -1524,7 +1524,43 @@ Filter 96 {"flow-limit":{"count":30,"log":"none"},"in":"
inet/filter/OUTPUT -o eth0 -j ACCEPT
inet6/filter/OUTPUT -o eth0 -j ACCEPT
Filter 97 {}
Filter 97 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}}
(filter-limit)
inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set
inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 98 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}}
(filter-limit)
inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set
inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 99 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}}
(filter-limit)
inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set
inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 100 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}}
(filter-limit)
inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set
inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 101 {}
(log)
inet/filter/FORWARD -j ACCEPT
inet6/filter/FORWARD -j ACCEPT
...
...
@@ -1533,7 +1569,7 @@ Filter 97 {}
inet/filter/OUTPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter
98
{"action":"drop"}
Filter
102
{"action":"drop"}
(log)
inet/filter/FORWARD -j logdrop-19
inet6/filter/FORWARD -j logdrop-19
...
...
@@ -1546,7 +1582,7 @@ Filter 98 {"action":"drop"}
inet/filter/logdrop-19 -j DROP
inet6/filter/logdrop-19 -j DROP
Filter
99
{"action":"pass"}
Filter
103
{"action":"pass"}
(log)
inet/filter/FORWARD
inet6/filter/FORWARD
...
...
@@ -1555,7 +1591,7 @@ Filter 99 {"action":"pass"}
inet/filter/OUTPUT
inet6/filter/OUTPUT
Filter 10
0
{"log":false}
Filter 10
4
{"log":false}
(log)
inet/filter/FORWARD -j ACCEPT
inet6/filter/FORWARD -j ACCEPT
...
...
@@ -1564,7 +1600,7 @@ Filter 100 {"log":false}
inet/filter/OUTPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 10
1
{"action":"drop","log":false}
Filter 10
5
{"action":"drop","log":false}
(log)
inet/filter/FORWARD -j DROP
inet6/filter/FORWARD -j DROP
...
...
@@ -1573,7 +1609,7 @@ Filter 101 {"action":"drop","log":false}
inet/filter/OUTPUT -j DROP
inet6/filter/OUTPUT -j DROP
Filter 10
2
{"action":"pass","log":false}
Filter 10
6
{"action":"pass","log":false}
(log)
inet/filter/FORWARD
inet6/filter/FORWARD
...
...
@@ -1582,7 +1618,7 @@ Filter 102 {"action":"pass","log":false}
inet/filter/OUTPUT
inet6/filter/OUTPUT
Filter 10
3
{"log":true}
Filter 10
7
{"log":true}
(log)
inet/filter/FORWARD -j logaccept-6
inet6/filter/FORWARD -j logaccept-6
...
...
@@ -1595,7 +1631,7 @@ Filter 103 {"log":true}
inet/filter/logaccept-6 -j ACCEPT
inet6/filter/logaccept-6 -j ACCEPT
Filter 10
4
{"action":"drop","log":true}
Filter 10
8
{"action":"drop","log":true}
(log)
inet/filter/FORWARD -j logdrop-20
inet6/filter/FORWARD -j logdrop-20
...
...
@@ -1608,7 +1644,7 @@ Filter 104 {"action":"drop","log":true}
inet/filter/logdrop-20 -j DROP
inet6/filter/logdrop-20 -j DROP
Filter 10
5
{"action":"pass","log":true}
Filter 10
9
{"action":"pass","log":true}
(log)
inet/filter/FORWARD -j logpass-0
inet6/filter/FORWARD -j logpass-0
...
...
@@ -1619,7 +1655,7 @@ Filter 105 {"action":"pass","log":true}
inet/filter/logpass-0 -m limit --limit 1/second -j LOG
inet6/filter/logpass-0 -m limit --limit 1/second -j LOG
Filter 10
6
{"log":"none"}
Filter 1
1
0 {"log":"none"}
(log)
inet/filter/FORWARD -j ACCEPT
inet6/filter/FORWARD -j ACCEPT
...
...
@@ -1628,7 +1664,7 @@ Filter 106 {"log":"none"}
inet/filter/OUTPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 1
07
{"action":"drop","log":"none"}
Filter 1
11
{"action":"drop","log":"none"}
(log)
inet/filter/FORWARD -j DROP
inet6/filter/FORWARD -j DROP
...
...
@@ -1637,7 +1673,7 @@ Filter 107 {"action":"drop","log":"none"}
inet/filter/OUTPUT -j DROP
inet6/filter/OUTPUT -j DROP
Filter 1
08
{"action":"pass","log":"none"}
Filter 1
12
{"action":"pass","log":"none"}
(log)
inet/filter/FORWARD
inet6/filter/FORWARD
...
...
@@ -1646,7 +1682,7 @@ Filter 108 {"action":"pass","log":"none"}
inet/filter/OUTPUT
inet6/filter/OUTPUT
Filter 1
09
{"in":"_fw","no-track":true,"service":"http"}
Filter 1
13
{"in":"_fw","no-track":true,"service":"http"}
(no-track)
inet/filter/OUTPUT -p tcp --dport 80 -j ACCEPT
inet6/filter/OUTPUT -p tcp --dport 80 -j ACCEPT
...
...
@@ -1657,7 +1693,7 @@ Filter 109 {"in":"_fw","no-track":true,"service":"http"}
inet/filter/INPUT -p tcp --sport 80 -j ACCEPT
inet6/filter/INPUT -p tcp --sport 80 -j ACCEPT
Filter 11
0
{"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"}
Filter 11
4
{"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"}
(no-track)
inet/filter/FORWARD -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
inet/filter/INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
...
...
@@ -1680,7 +1716,7 @@ Filter 110 {"dest":"172.17.0.0\/16","no-track":true,"serv
inet/filter/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
inet/filter/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
Filter 11
1
{"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"}
Filter 11
5
{"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"}
(no-track)
inet/filter/FORWARD -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT
inet/filter/INPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT
...
...
@@ -1693,7 +1729,7 @@ Filter 111 {"dest":"172.18.0.0\/16","no-track":true,"serv
inet/filter/INPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
inet/filter/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
Filter 11
2
{"no-track":true,"out":"_fw","service":"ipsec"}
Filter 11
6
{"no-track":true,"out":"_fw","service":"ipsec"}
(no-track)
inet/filter/INPUT -p esp -j ACCEPT
inet6/filter/INPUT -p esp -j ACCEPT
...
...
@@ -1712,7 +1748,7 @@ Filter 112 {"no-track":true,"out":"_fw","service":"ipsec"
inet/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT
inet6/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT
Filter 11
3
{"in":["_fw","A"]}
Filter 11
7
{"in":["_fw","A"]}
(zone)
inet/filter/OUTPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
...
...
@@ -1721,12 +1757,12 @@ Filter 113 {"in":["_fw","A"]}
inet/filter/INPUT -i eth0 -j ACCEPT
inet6/filter/INPUT -i eth0 -j ACCEPT
Filter 11
4
{"in":"B","out":"C"}
Filter 11
8
{"in":"B","out":"C"}
(zone)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
Filter 11
5
{"out":["_fw","B"]}
Filter 11
9
{"out":["_fw","B"]}
(zone)
inet/filter/INPUT -j ACCEPT
inet6/filter/INPUT -j ACCEPT
...
...
@@ -1735,7 +1771,7 @@ Filter 115 {"out":["_fw","B"]}
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
Filter 1
16
{"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]}
Filter 1
20
{"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]}
(zone)
inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT
inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
...
...
@@ -2198,6 +2234,8 @@ hash:net family inet
:logreject-0 - [0:0]
:logtarpit-0 - [0:0]
:tarpit - [0:0]
-A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A FORWARD -j limit-59
-A FORWARD -j limit-58
-A FORWARD -j limit-57
...
...
@@ -2283,6 +2321,8 @@ hash:net family inet
-A FORWARD -j ACCEPT
-A FORWARD -j logaccept-final-5
-A FORWARD -j ACCEPT
-A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-19
-A FORWARD
...
...
@@ -2351,6 +2391,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A INPUT -j limit-59
-A INPUT -j limit-58
-A INPUT -j limit-57
...
...
@@ -2467,6 +2509,8 @@ hash:net family inet
-A INPUT -i eth0 -j limit-87
-A INPUT -i eth0 -j limit-88
-A INPUT -i eth0 -j limit-89
-A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A INPUT -j ACCEPT
-A INPUT -j logdrop-19
-A INPUT
...
...
@@ -2491,6 +2535,8 @@ hash:net family inet
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmp -j icmp-routing
-A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A OUTPUT -j limit-59
-A OUTPUT -j limit-58
-A OUTPUT -j limit-57
...
...
@@ -2595,6 +2641,8 @@ hash:net family inet
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-19
-A OUTPUT
...
...
@@ -3134,6 +3182,8 @@ COMMIT
:logreject-0 - [0:0]
:logtarpit-0 - [0:0]
:tarpit - [0:0]
-A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -j limit-59
-A FORWARD -j limit-58
-A FORWARD -j limit-57
...
...
@@ -3219,6 +3269,8 @@ COMMIT
-A FORWARD -j ACCEPT
-A FORWARD -j logaccept-final-5
-A FORWARD -j ACCEPT
-A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-19
-A FORWARD
...
...
@@ -3257,6 +3309,8 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j limit-59
-A INPUT -j limit-58
-A INPUT -j limit-57
...
...
@@ -3373,6 +3427,8 @@ COMMIT
-A INPUT -i eth0 -j limit-87
-A INPUT -i eth0 -j limit-88
-A INPUT -i eth0 -j limit-89
-A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j ACCEPT
-A INPUT -j logdrop-19
-A INPUT
...
...
@@ -3391,6 +3447,8 @@ COMMIT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -j limit-59
-A OUTPUT -j limit-58
-A OUTPUT -j limit-57
...
...
@@ -3495,6 +3553,8 @@ COMMIT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-19
-A OUTPUT
...
...
test/output/rules-save
View file @
cdd8944b
...
...
@@ -132,6 +132,8 @@
:logreject-0 - [0:0]
:logtarpit-0 - [0:0]
:tarpit - [0:0]
-A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A FORWARD -j limit-59
-A FORWARD -j limit-58
-A FORWARD -j limit-57
...
...
@@ -217,6 +219,8 @@
-A FORWARD -j ACCEPT
-A FORWARD -j logaccept-final-5
-A FORWARD -j ACCEPT
-A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-19
-A FORWARD
...
...
@@ -285,6 +289,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A INPUT -j limit-59
-A INPUT -j limit-58
-A INPUT -j limit-57
...
...
@@ -401,6 +407,8 @@
-A INPUT -i eth0 -j limit-87
-A INPUT -i eth0 -j limit-88
-A INPUT -i eth0 -j limit-89
-A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A INPUT -j ACCEPT
-A INPUT -j logdrop-19
-A INPUT
...
...
@@ -425,6 +433,8 @@
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmp -j icmp-routing
-A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A OUTPUT -j limit-59
-A OUTPUT -j limit-58
-A OUTPUT -j limit-57
...
...
@@ -529,6 +539,8 @@
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-19
-A OUTPUT
...
...
test/output/rules6-save
View file @
cdd8944b
...
...
@@ -132,6 +132,8 @@
:logreject-0 - [0:0]
:logtarpit-0 - [0:0]
:tarpit - [0:0]
-A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -j limit-59
-A FORWARD -j limit-58
-A FORWARD -j limit-57
...
...
@@ -217,6 +219,8 @@
-A FORWARD -j ACCEPT
-A FORWARD -j logaccept-final-5
-A FORWARD -j ACCEPT
-A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-19
-A FORWARD
...
...
@@ -255,6 +259,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j limit-59
-A INPUT -j limit-58
-A INPUT -j limit-57
...
...
@@ -371,6 +377,8 @@
-A INPUT -i eth0 -j limit-87
-A INPUT -i eth0 -j limit-88
-A INPUT -i eth0 -j limit-89
-A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j ACCEPT
-A INPUT -j logdrop-19
-A INPUT
...
...
@@ -389,6 +397,8 @@
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -j limit-59
-A OUTPUT -j limit-58
-A OUTPUT -j limit-57
...
...
@@ -493,6 +503,8 @@
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-19
-A OUTPUT
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment