From 085e778404e3058cc2b803d4d0fbd106abad8bd0 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 2 Aug 2013 12:31:12 +0300
Subject: [PATCH] limit packet/connection rate per source IP

---
 awall/modules/filter.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua
index f01b586..d21b79e 100644
--- a/awall/modules/filter.lua
+++ b/awall/modules/filter.lua
@@ -212,7 +212,7 @@ function Filter:extraoptfrags()
       if count > RECENT_MAX_COUNT then
 	 ofrags = {
 	    {
-	       opts='-m limit --limit '..count..'/second',
+	       opts='-m hashlimit --hashlimit-upto '..count..'/second --hashlimit-mode srcip --hashlimit-name '..chain,
 	       target=logchain(self.log, 'accept', 'ACCEPT')
 	    },
 	    {target='DROP'}
-- 
1.8.3.3