diff options
| author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2014-09-18 12:12:01 +0300 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2014-09-18 12:23:44 +0300 |
| commit | f48f9461c9fd1b4c4643fc1d41038dba94983220 (patch) | |
| tree | 4ab5a2a596cedfd69e06aa72ce9899a1e3463e59 | |
| parent | d4d5dd6275329ef410b28ab70a0bea2ae76ef3f4 (diff) | |
| download | awall-f48f9461c9fd1b4c4643fc1d41038dba94983220.tar.bz2 awall-f48f9461c9fd1b4c4643fc1d41038dba94983220.tar.xz | |
Limit: allow returning multiple limit option fragments
| -rw-r--r-- | awall/model.lua | 13 | ||||
| -rw-r--r-- | awall/modules/filter.lua | 10 |
2 files changed, 14 insertions, 9 deletions
diff --git a/awall/model.lua b/awall/model.lua index fcc1ee8..6e29032 100644 --- a/awall/model.lua +++ b/awall/model.lua @@ -607,11 +607,16 @@ function M.Limit:recentopts() end end -function M.Limit:limitopts(name) +function M.Limit:limitofrags(name) local rate = self:rate() - return '-m hashlimit --hashlimit-upto '..rate.. - '/second --hashlimit-burst '..rate.. - ' --hashlimit-mode srcip --hashlimit-name '..(name or self:uniqueid()) + return { + { + opts='-m hashlimit --hashlimit-upto '..rate.. + '/second --hashlimit-burst '..rate.. + ' --hashlimit-mode srcip --hashlimit-name '.. + (name or self:uniqueid()) + } + } end diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua index dd12132..5a9c8c1 100644 --- a/awall/modules/filter.lua +++ b/awall/modules/filter.lua @@ -265,11 +265,11 @@ function Filter:extraoptfrags() ofrags, logch = self:logchain(self.log, 'accept', 'ACCEPT') else logch = 'RETURN' end - limitofs = { - {opts=limitobj:limitopts(limitchain), target=logch}, - {target='DROP'} - } - if limitlog then table.insert(limitofs, 2, limitlog:optfrag()) end + limitofs = combinations( + limitobj:limitofrags(limitchain), {{target=logch}} + ) + if limitlog then table.insert(limitofs, limitlog:optfrag()) end + table.insert(limitofs, {target='DROP'}) end extend(ofrags, combinations({{chain=limitchain}}, limitofs)) |