From: Michael Tremer
Date: Thu, 11 Sep 2014 14:19:17 +0000 (+0200)
Subject: rules.pl: Make rate limiting rules work for REJECT and DROP targets
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9cedf686f39578ff5f51ba6285b160cd798e27c3;p=people%2Fms%2Fipfire-2.x.git
rules.pl: Make rate limiting rules work for REJECT and DROP targets
---
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 7a62bb4321..876076396f 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -281,7 +281,11 @@ sub buildrules {
 push(@ratelimit_options, ("--connlimit-mask", "32"));
 # Apply the limit
- push(@ratelimit_options, ("--connlimit-upto", $conn_limit));
+ if ($target eq "ACCEPT") {
+ push(@ratelimit_options, ("--connlimit-upto", $conn_limit));
+ } else {
+ push(@ratelimit_options, ("--connlimit-above", $conn_limit));
+ }
 }
 }
@@ -294,7 +298,11 @@ sub buildrules {
 push(@ratelimit_options, ("--hashlimit-name", "rule-$key"));
 push(@ratelimit_options, ("--hashlimit-mode", "srcip"));
- push(@ratelimit_options, ("--hashlimit-upto", $rate_limit));
+ if ($target eq "ACCEPT") {
+ push(@ratelimit_options, ("--hashlimit-upto", $rate_limit));
+ } else {
+ push(@ratelimit_options, ("--hashlimit-above", $rate_limit));
+ }
 }
 }
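Review bot: The `else` branch in the connlimit hunk (`@@ -281,7 +281,11`) gives `--connlimit-above` to every target that is not the literal string "ACCEPT", although the commit subject names only REJECT and DROP. The hashlimit hunk has the same catch-all. Which values `$target` can hold is set outside the hunk, so if buildrules ever sees another target, it would silently get the inverted match. The inversion also changes what a non-matching packet means, which deserves a comment above the `if`, for example `# ACCEPT matches while within the limit; DROP/REJECT match only once it is exceeded, so traffic under the limit falls through to later rules`. Without it, the next maintainer cannot tell whether the fall-through is intended or depends on the default policy.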
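Review bot: The `if ($target eq "ACCEPT")` test in the hashlimit hunk (`@@ -294,7 +298,11`) repeats the one in the connlimit hunk, so the upto/above decision now lives in two places that can drift apart. Deciding it once before both blocks keeps them consistent, for example `my $limit_match = ($target eq "ACCEPT") ? "upto" : "above";` followed by `push(@ratelimit_options, ("--hashlimit-$limit_match", $rate_limit));`, and likewise for connlimit. buildrules starts and ends outside the hunk, so the variable's placement needs checking against the surrounding scope.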