From 2532b116b8e50ad91b06ec532fdb3662c9a826a5 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 4 Apr 2024 18:34:28 +0200
Subject: [PATCH] Support user settings for sourvce IP connection limit - ff.

---
 ip6t-firewall-server | 12 ++++++------
 ipt-firewall-server | 12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index bd70de0..4abbdaf 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
@@ -23,7 +23,7 @@ load_modules_file=${ipt_conf_dir}/load_modules_ipv6.conf
 conf_logging=${ipt_conf_dir}/logging_ipv6.conf
 conf_interfaces=${ipt_conf_dir}/interfaces_ipv6.conf
-conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_default_settings=${ipt_conf_dir}/default_settings.conf
 conf_main=${ipt_conf_dir}/main_ipv6.conf
 conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
 conf_ban_ipv6_list="${ipt_conf_dir}/ban_ipv6.list"
@@ -112,10 +112,10 @@ else
 source $conf_logging
 fi
 
-if [[ ! -f "$conf_default_ports" ]]; then
- fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+if [[ ! -f "$conf_default_settings" ]]; then
+ fatal "Missing configuration for default_settings - file '$conf_default_settings'"
 else
- source $conf_default_ports
+ source $conf_default_settings
 fi
 
 if [[ ! -f "$conf_interfaces" ]]; then
@@ -815,9 +815,9 @@ fi
 echononl "\tLimit connections per source IP"
 if $limit_connections_per_source_IP ; then
 if $log_rejected || $log_all ; then
- $ip6t -A INPUT -p tcp -m connlimit --connlimit-above 111 -j $LOG_TARGET $tag_log_prefix "$log_prefix CONN limit per IP: "
+ $ip6t -A INPUT -p tcp -m connlimit --connlimit-above $per_IP_connection_limit -j $LOG_TARGET $tag_log_prefix "$log_prefix CONN limit per IP: "
 fi
- $ip6t -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
+ $ip6t -A INPUT -p tcp -m connlimit --connlimit-above $per_IP_connection_limit -j REJECT --reject-with tcp-reset
 echo_done
 else
 echo_skipped
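Review bot: The second hunk turns a still-present default_ports.conf into a hard startup failure: the only check on the new side is `[[ ! -f "$conf_default_settings" ]]` followed by `fatal`, so an installation that has not yet renamed its configuration aborts before any rule is loaded; the matching hunk in ipt-firewall-server has the same behaviour. A transitional fallback that sources the old file name with a deprecation warning keeps upgraded hosts working until the rename is done. While the line is being touched, `source "$conf_default_settings"` should be quoted like the test above it.
```shell
if [[ ! -f "$conf_default_settings" && -f "${ipt_conf_dir}/default_ports.conf" ]]; then
    echo "WARNING: default_ports.conf is deprecated, rename it to default_settings.conf" >&2
    conf_default_settings="${ipt_conf_dir}/default_ports.conf"
fi
if [[ ! -f "$conf_default_settings" ]]; then
    fatal "Missing configuration for default_settings - file '$conf_default_settings'"
else
    source "$conf_default_settings"
fi
```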
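Review bot: `$per_IP_connection_limit` is used unquoted and unvalidated in both connlimit rules of the third hunk; if default_settings.conf does not define it (for example a configuration written before this change) `--connlimit-above` receives no argument, the rule insert fails, and unless the script stops on that error the per-source connection limit is simply not enforced. The third hunk of ipt-firewall-server has the same gap. Restoring the previous hard-coded value as the default and type-checking it before the rules are added closes it: `per_IP_connection_limit=${per_IP_connection_limit:-111}` followed by `[[ "$per_IP_connection_limit" =~ ^[0-9]+$ ]] || fatal "per_IP_connection_limit must be a non-negative integer, got '$per_IP_connection_limit'"`. The `if $limit_connections_per_source_IP` block begins inside the hunk, but its closing `fi` lies outside it.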
diff --git a/ipt-firewall-server b/ipt-firewall-server
index d1d0ed4..822b1b1 100755
--- a/ipt-firewall-server
+++ b/ipt-firewall-server
@@ -23,7 +23,7 @@ load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
 conf_logging=${ipt_conf_dir}/logging_ipv4.conf
 conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
-conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_default_settings=${ipt_conf_dir}/default_settings.conf
 conf_main=${ipt_conf_dir}/main_ipv4.conf
 conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
 conf_ban_ipv4_list="${ipt_conf_dir}/ban_ipv4.list"
@@ -112,10 +112,10 @@ else
 source $conf_logging
 fi
 
-if [[ ! -f "$conf_default_ports" ]]; then
- fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+if [[ ! -f "$conf_default_settings" ]]; then
+ fatal "Missing configuration for default_settings - file '$conf_default_settings'"
 else
- source $conf_default_ports
+ source $conf_default_settings
 fi
 
 if [[ ! -f "$conf_interfaces" ]]; then
@@ -968,9 +968,9 @@ fi
 echononl "\tLimit connections per source IP"
 if $limit_connections_per_source_IP ; then
 if $log_rejected || $log_all ; then
- $ipt -A INPUT -p tcp -m connlimit --connlimit-above 111 -j $LOG_TARGET $tag_log_prefix "$log_prefix CONN limit per IP:"
+ $ipt -A INPUT -p tcp -m connlimit --connlimit-above $per_IP_connection_limit -j $LOG_TARGET $tag_log_prefix "$log_prefix CONN limit per IP:"
 fi
- $ipt -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
+ $ipt -A INPUT -p tcp -m connlimit --connlimit-above $per_IP_connection_limit -j REJECT --reject-with tcp-reset
 echo_done
 else
 echo_skipped