diff options
| -rw-r--r-- | awall/model.lua | 13 | ||||
| -rw-r--r-- | awall/modules/filter.lua | 10 |
2 files changed, 14 insertions, 9 deletions
diff --git a/awall/model.lua b/awall/model.lua index fcc1ee8..6e29032 100644 --- a/awall/model.lua +++ b/awall/model.lua @@ -607,11 +607,16 @@ function M.Limit:recentopts() end end -function M.Limit:limitopts(name) +function M.Limit:limitofrags(name) local rate = self:rate() - return '-m hashlimit --hashlimit-upto '..rate.. - '/second --hashlimit-burst '..rate.. - ' --hashlimit-mode srcip --hashlimit-name '..(name or self:uniqueid()) + return { + { + opts='-m hashlimit --hashlimit-upto '..rate.. + '/second --hashlimit-burst '..rate.. + ' --hashlimit-mode srcip --hashlimit-name '.. + (name or self:uniqueid()) + } + } end diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua index dd12132..5a9c8c1 100644 --- a/awall/modules/filter.lua +++ b/awall/modules/filter.lua @@ -265,11 +265,11 @@ function Filter:extraoptfrags() ofrags, logch = self:logchain(self.log, 'accept', 'ACCEPT') else logch = 'RETURN' end - limitofs = { - {opts=limitobj:limitopts(limitchain), target=logch}, - {target='DROP'} - } - if limitlog then table.insert(limitofs, 2, limitlog:optfrag()) end + limitofs = combinations( + limitobj:limitofrags(limitchain), {{target=logch}} + ) + if limitlog then table.insert(limitofs, limitlog:optfrag()) end + table.insert(limitofs, {target='DROP'}) end extend(ofrags, combinations({{chain=limitchain}}, limitofs)) |