aboutsummaryrefslogtreecommitdiffstats
path: root/main/awall/0001-limit-packet-connection-rate-per-source-IP.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/awall/0001-limit-packet-connection-rate-per-source-IP.patch')
-rw-r--r--main/awall/0001-limit-packet-connection-rate-per-source-IP.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/main/awall/0001-limit-packet-connection-rate-per-source-IP.patch b/main/awall/0001-limit-packet-connection-rate-per-source-IP.patch
new file mode 100644
index 0000000000..e7767b91d7
--- /dev/null
+++ b/main/awall/0001-limit-packet-connection-rate-per-source-IP.patch
@@ -0,0 +1,25 @@
+From 085e778404e3058cc2b803d4d0fbd106abad8bd0 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Fri, 2 Aug 2013 12:31:12 +0300
+Subject: [PATCH] limit packet/connection rate per source IP
+
+---
+ awall/modules/filter.lua | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua
+index f01b586..d21b79e 100644
+--- a/awall/modules/filter.lua
++++ b/awall/modules/filter.lua
+@@ -212,7 +212,7 @@ function Filter:extraoptfrags()
+ if count > RECENT_MAX_COUNT then
+ ofrags = {
+ {
+- opts='-m limit --limit '..count..'/second',
++ opts='-m hashlimit --hashlimit-upto '..count..'/second --hashlimit-mode srcip --hashlimit-name '..chain,
+ target=logchain(self.log, 'accept', 'ACCEPT')
+ },
+ {target='DROP'}
+--
+1.8.3.3
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-04 18:11:45 +0000