rules.pl: Use hashlimit module for rate limiting

author Michael Tremer <michael.tremer@ipfire.org>

Thu, 11 Sep 2014 13:54:53 +0000 (15:54 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Thu, 11 Sep 2014 14:17:02 +0000 (16:17 +0200)
author Michael Tremer <michael.tremer@ipfire.org>
Thu, 11 Sep 2014 13:54:53 +0000 (15:54 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Thu, 11 Sep 2014 14:17:02 +0000 (16:17 +0200)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl

index 5e602b9bbe85f61ff6a41c8cc46d70b27b444f34..7a62bb432171ebc53f91f4ddd479fec653458290 100755 (executable)
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -290,8 +290,11 @@ sub buildrules {
                         my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
  
                         if ($rate_limit) {
-                               push(@ratelimit_options, ("-m", "limit"));
-                               push(@ratelimit_options, ("--limit", $rate_limit));
+                               push(@ratelimit_options, ("-m", "hashlimit"));
+                               push(@ratelimit_options, ("--hashlimit-name", "rule-$key"));
+                               push(@ratelimit_options, ("--hashlimit-mode", "srcip"));
+
+                               push(@ratelimit_options, ("--hashlimit-upto", $rate_limit));
                         }
                 }
author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 11 Sep 2014 13:54:53 +0000 (15:54 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 11 Sep 2014 14:17:02 +0000 (16:17 +0200)