clearchain $table:$chain
run ip46tables -t $table -A $chain -j LOG \
-m limit --limit 3/minute --limit-burst 10 \
- --log-prefix "fw: $chain " --log-level notice
+ --log-prefix "fw: $chain " --log-level notice || :
run ip46tables -t $table -A $chain -j "$@" \
-m limit --limit 20/second --limit-burst 100
run ip46tables -t $table -A $chain -j DROP
### `defnetclass'.
### net_inet_NET List of IPv4 address ranges in the network.
### net_inet6_NET List of IPv6 address ranges in the network.
-### net_fwd_NET List of other networks that this one forwards to.
+### net_via_NET List of other networks that this one forwards via.
### net_hosts_NET List of hosts known to be in the network.
### host_inet_HOST IPv4 address of the named HOST.
### host_inet6_HOST IPv6 address of the named HOST.
## defnet NET CLASS
##
-## Define a network. Follow by calls to `addr', `forwards', etc. to define
+## Define a network. Follow by calls to `addr', `via', etc. to define
## properties of the network. Networks are processed in order, so if their
## addresses overlap then the more specific addresses should be defined
## earlier.
done
}
-## forwards NET ...
+## via NET ...
##
## Declare that packets from this network are forwarded to the other NETs.
-forwards () {
- eval "net_fwd_$net=\"$*\""
+via () {
+ eval "net_via_$net=\"$*\""
}
## noxit NET ...
nextnets=""
any=nil
for net in $nets; do
- eval fwd=\$net_fwd_$net
- for n in $fwd; do
+ eval via=\$net_via_$net
+ for n in $via; do
case $seen in *":$n:"*) continue ;; esac
seen=$seen$n:
eval noxit=\$net_noxit_$n
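Review bot: The `|| :` appended to the LOG rule at the top of the hunk makes a failed insertion of that rule silent, so a chain meant to log what it drops can be built with no logging at all and nothing records that it happened; if `run` aborts the script on a non-zero exit (inferred from the change, `run` is not shown), this becomes the only rule in the chain allowed to fail. Keeping the tolerance but emitting a warning makes the degraded state visible: `... --log-prefix "fw: $chain " --log-level notice || echo >&2 "warning: $table:$chain: LOG rule failed, drops may go unlogged"`. Since `ip46tables` presumably applies the rule for both address families, a failure in only one of them is masked the same way, so the warning should be worded as "may" rather than asserting logging is absent everywhere. The `via`/`net_via_` rename in the rest of the hunk is applied consistently to the comment, the function and the loop; the `for net in $nets` loop at the end continues outside the hunk.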