-rw-r--r-- | awall/modules/filter.lua | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua
index cde2112..c04f74e 100644
--- a/awall/modules/filter.lua
+++ b/awall/modules/filter.lua
@@ -77,6 +77,8 @@ function Filter:trules()
 extrarules('dnat', {['ip-range']=dnataddr, out=nil})
 end
+ if self.action == 'tarpit' then extrarules('no-track') end
+
 awall.util.extend(res, model.Rule.trules(self))
 return res
@@ -132,10 +134,11 @@ classes = {{'filter', Filter},
 defrules = {pre={}, ['post-filter']={}}
+local limitedlog = '-m limit --limit 1/second -j LOG'
+
 for i, family in ipairs({'inet', 'inet6'}) do
 for i, target in ipairs({'drop', 'reject'}) do
- for i, opts in ipairs({'-m limit --limit 1/second -j LOG',
- '-j '..string.upper(target)}) do
+ for i, opts in ipairs({limitedlog, '-j '..string.upper(target)}) do
 table.insert(defrules.pre,
 {family=family,
 table='filter',
@@ -144,6 +147,11 @@ for i, family in ipairs({'inet', 'inet6'}) do
 end
 end
+ for i, opts in ipairs({limitedlog, '-p tcp -j TARPIT', '-j DROP'}) do
+ table.insert(defrules.pre,
+ {family=family, table='filter', chain='tarpit', opts=opts})
+ end
+
 for i, chain in ipairs({'FORWARD', 'INPUT', 'OUTPUT'}) do
 table.insert(defrules.pre,
 {family=family, |
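Review bot: The added `if self.action == 'tarpit' then extrarules('no-track') end` in Filter:trules() has no comment saying why tarpit rules also generate a no-track rule. Presumably this stops held-open connections from occupying connection-tracking entries, but it also means stateful matches will not see those packets, which a maintainer editing this later should know. I would add a comment above the line, for example `-- tarpitted flows bypass conntrack so held connections cannot fill the conntrack table`. Unlike the `dnat` call above it, this call passes no second argument, and the visible lines do not show whether the resulting no-track rule is limited to the same match as the filter rule; that is worth confirming. The body of Filter:trules() starts and ends outside this hunk.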
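Review bot: `limitedlog` is now shared by the drop, reject and tarpit chains and carries no `--log-prefix`, so kernel log lines produced by the three chains cannot be told apart when someone triages them. Since the chain name is known where each rule is built, the option could be extended there, for example `limitedlog..' --log-prefix "'..target..': "'` in the drop/reject loop and a fixed `"tarpit: "` prefix in the tarpit loop. If the shared string stays as it is, a comment on the `local limitedlog` line stating that it is deliberately identical for all chains would help.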
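Review bot: The new loop adds `-p tcp -j TARPIT` to `defrules.pre` for both `inet` and `inet6` on every load of this module, whether or not any policy uses the tarpit action. TARPIT comes from xtables-addons rather than stock iptables, so on a host without that extension (or without its IPv6 variant) loading the generated ruleset is likely to fail. How awall reacts to a failed load is not visible here and decides whether the host keeps its previous rules. I would emit the `tarpit` chain only when a rule with that action exists, or at least document the dependency next to the loop with `-- requires the xtables-addons TARPIT target for iptables and ip6tables`. The enclosing `for i, family` loop starts and ends outside this hunk.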