firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support user settings for sourvce IP connection limit - ff.

Browse Source
This commit is contained in:
Christoph 2024-04-04 18:34:28 +02:00
parent 738809ba95
commit 2532b116b8
2 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ip6t-firewall-server
View File

@ -23,7 +23,7 @@ load_modules_file=${ipt_conf_dir}/load_modules_ipv6.conf
conf_logging=${ipt_conf_dir}/logging_ipv6.conf conf_logging=${ipt_conf_dir}/logging_ipv6.conf
conf_interfaces=${ipt_conf_dir}/interfaces_ipv6.conf conf_interfaces=${ipt_conf_dir}/interfaces_ipv6.conf
conf_default_ports=${ipt_conf_dir}/default_ports.conf conf_default_settings=${ipt_conf_dir}/default_settings.conf
conf_main=${ipt_conf_dir}/main_ipv6.conf conf_main=${ipt_conf_dir}/main_ipv6.conf
conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
conf_ban_ipv6_list="${ipt_conf_dir}/ban_ipv6.list" conf_ban_ipv6_list="${ipt_conf_dir}/ban_ipv6.list"
@ -112,10 +112,10 @@ else
source $conf_logging source $conf_logging
fi fi
if [[ ! -f "$conf_default_ports" ]]; then if [[ ! -f "$conf_default_settings" ]]; then
fatal "Missing configuration for default_ports - file '$conf_default_ports'" fatal "Missing configuration for default_settings - file '$conf_default_settings'"
else else
source $conf_default_ports source $conf_default_settings
fi fi
if [[ ! -f "$conf_interfaces" ]]; then if [[ ! -f "$conf_interfaces" ]]; then
@ -815,9 +815,9 @@ fi
echononl "\tLimit connections per source IP" echononl "\tLimit connections per source IP"
if $limit_connections_per_source_IP ; then if $limit_connections_per_source_IP ; then
if $log_rejected || $log_all ; then if $log_rejected || $log_all ; then
$ip6t -A INPUT -p tcp -m connlimit --connlimit-above 111 -j $LOG_TARGET $tag_log_prefix "$log_prefix CONN limit per IP: " $ip6t -A INPUT -p tcp -m connlimit --connlimit-above $per_IP_connection_limit -j $LOG_TARGET $tag_log_prefix "$log_prefix CONN limit per IP: "
fi fi
$ip6t -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset $ip6t -A INPUT -p tcp -m connlimit --connlimit-above $per_IP_connection_limit -j REJECT --reject-with tcp-reset
echo_done echo_done
else else
echo_skipped echo_skipped

12
ipt-firewall-server
View File

@ -23,7 +23,7 @@ load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
conf_logging=${ipt_conf_dir}/logging_ipv4.conf conf_logging=${ipt_conf_dir}/logging_ipv4.conf
conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
conf_default_ports=${ipt_conf_dir}/default_ports.conf conf_default_settings=${ipt_conf_dir}/default_settings.conf
conf_main=${ipt_conf_dir}/main_ipv4.conf conf_main=${ipt_conf_dir}/main_ipv4.conf
conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
conf_ban_ipv4_list="${ipt_conf_dir}/ban_ipv4.list" conf_ban_ipv4_list="${ipt_conf_dir}/ban_ipv4.list"
@ -112,10 +112,10 @@ else
source $conf_logging source $conf_logging
fi fi
if [[ ! -f "$conf_default_ports" ]]; then if [[ ! -f "$conf_default_settings" ]]; then
fatal "Missing configuration for default_ports - file '$conf_default_ports'" fatal "Missing configuration for default_settings - file '$conf_default_settings'"
else else
source $conf_default_ports source $conf_default_settings
fi fi
if [[ ! -f "$conf_interfaces" ]]; then if [[ ! -f "$conf_interfaces" ]]; then
@ -968,9 +968,9 @@ fi
echononl "\tLimit connections per source IP" echononl "\tLimit connections per source IP"
if $limit_connections_per_source_IP ; then if $limit_connections_per_source_IP ; then
if $log_rejected || $log_all ; then if $log_rejected || $log_all ; then
$ipt -A INPUT -p tcp -m connlimit --connlimit-above 111 -j $LOG_TARGET $tag_log_prefix "$log_prefix CONN limit per IP:" $ipt -A INPUT -p tcp -m connlimit --connlimit-above $per_IP_connection_limit -j $LOG_TARGET $tag_log_prefix "$log_prefix CONN limit per IP:"
fi fi
$ipt -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset $ipt -A INPUT -p tcp -m connlimit --connlimit-above $per_IP_connection_limit -j REJECT --reject-with tcp-reset
echo_done echo_done
else else
echo_skipped echo_skipped