numbers.m4, gibson.m4: Allow gibson public SIP access.
diff --git
a/functions.m4
b/functions.m4
index
c0cd0b3
..
05decbf
100644
(file)
--- a/
functions.m4
+++ b/
functions.m4
@@
-50,6
+50,14
@@
defport () {
eval port_$name=$number
}
eval port_$name=$number
}
+## defproto NAME NUMBER
+##
+## Define $proto_NAME to be NUMBER.
+defproto () {
+ name=$1 number=$2
+ eval proto_$name=$number
+}
+
m4_divert(38)m4_dnl
###--------------------------------------------------------------------------
### Utility chains (used by function definitions).
m4_divert(38)m4_dnl
###--------------------------------------------------------------------------
### Utility chains (used by function definitions).
@@
-77,10
+85,23
@@
clearchain () {
*:*) table=${chain%:*} chain=${chain#*:} ;;
*) table=filter ;;
esac
*:*) table=${chain%:*} chain=${chain#*:} ;;
*) table=filter ;;
esac
- run ip46tables -t $table -N $chain
+ run ip46tables -t $table -N $chain
2>/dev/null || :
done
}
done
}
+## makeset SET TYPE [PARAMS]
+##
+## Ensure that the named ipset exists. Don't clear it.
+makeset () {
+ set -e
+ name=$1; shift
+ if ipset -nL | grep -q "^Name: $name$"; then
+ :
+ else
+ ipset -N "$name" "$@"
+ fi
+}
+
## errorchain CHAIN ACTION ARGS ...
##
## Make a chain which logs a message and then invokes some other action,
## errorchain CHAIN ACTION ARGS ...
##
## Make a chain which logs a message and then invokes some other action,
@@
-96,7
+117,9
@@
errorchain () {
run ip46tables -t $table -A $chain -j LOG \
-m limit --limit 3/minute --limit-burst 10 \
--log-prefix "fw: $chain " --log-level notice
run ip46tables -t $table -A $chain -j LOG \
-m limit --limit 3/minute --limit-burst 10 \
--log-prefix "fw: $chain " --log-level notice
- run ip46tables -t $table -A $chain -j "$@"
+ run ip46tables -t $table -A $chain -j "$@" \
+ -m limit --limit 20/second --limit-burst 100
+ run ip46tables -t $table -A $chain -j DROP
}
m4_divert(24)m4_dnl
}
m4_divert(24)m4_dnl
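Review bot: The `set -e` at the top of the new makeset function is not scoped to the function — it turns errexit on for the whole shell from the first call onward, so every later command in the generated firewall script (including the deliberately tolerant `ip46tables -N ... 2>/dev/null || :` in clearchain, which is fine, but also anything not written with `|| :`) will abort on a non-zero status, a behaviour change the commit message does not mention. Drop that line and handle the one failure that matters explicitly, e.g. `ipset -N "$name" "$@" || return`, or route it through the file's `run` helper as the ip46tables calls in these hunks do (assuming `run` is the project's logging/dry-run wrapper; its definition is outside this page). The existence test `grep -q "^Name: $name$"` also treats the set name as a regex, so a name containing `.` or `+` can match a different set and silently skip creation; `grep -qxF -- "Name: $name"` matches the line literally. Separately, the new `-m limit --limit 20/second` in errorchain is one aggregate counter per chain, not per source, so a single flood pushes every other client into the silent DROP branch; if that matters here, `-m hashlimit --hashlimit-mode srcip` gives a per-source budget.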