1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
--[[
Filter limit test cases for Alpine Wall
Copyright (C) 2012-2017 Kaarle Ritvanen
See LICENSE file for license details
]]--
util = require('awall.util')
json = require('cjson')
res = {}
function add(limit_type, filter)
local logopts = {false, true, 'mirror', 'none', 'ulog'}
for _, high_rate in ipairs{false, true} do
local function add_limit(limit)
for _, log in ipairs(logopts) do
for _, action in ipairs{false, 'pass'} do
if not (high_rate and log and action) then
table.insert(
res,
util.update(
{
[limit_type..'-limit']=util.copy(limit),
log=log or nil,
action=action or nil
},
filter or {}
)
)
end
end
end
end
local count = high_rate and 150 or nil
add_limit(count or 1)
for _, interval in ipairs{false, 5} do
for _, log in ipairs(logopts) do
local limit = {count=count, interval=interval or nil}
if log ~= true then limit.log = log end
add_limit(limit)
if not high_rate then
for _, name in ipairs{'A', 'C'} do
limit.name = name
for _, addr in ipairs{false, 'dest'} do
limit.addr = addr or nil
limit.update = nil
add_limit(limit)
limit.update = false
add_limit(limit)
end
end
end
end
end
end
end
add('conn', {out='B'})
add('conn', {['in']='_fw', out='B'})
add('flow')
add('flow', {['in']='A', out='_fw', service='ntp', ['no-track']=true})
for _, name in ipairs{'A', 'B', 'C', 'D'} do
table.insert(res, {['update-limit']=name})
end
function add_update_limit(name, measure)
for _, addr in ipairs{'src', 'dest'} do
table.insert(
res, {['update-limit']={name=name, measure=measure, addr=addr}}
)
end
end
add_update_limit('A', 'conn')
add_update_limit('B', 'flow')
print(json.encode{filter=res})
|
