functions.m4: Rate-limit rejections on error chains.

[firewall] / functions.m4

diff --git a/functions.m4 b/functions.m4
index 5cc70f8..b2e3cb6 100644 (file)
--- a/functions.m4
+++ b/functions.m4
@@ -104,7 +104,9 @@ errorchain () {
   run ip46tables -t $table -A $chain -j LOG \
          -m limit --limit 3/minute --limit-burst 10 \
          --log-prefix "fw: $chain " --log-level notice
-  run ip46tables -t $table -A $chain -j "$@"
+  run ip46tables -t $table -A $chain -j "$@" \
+         -m limit --limit 20/second --limit-burst 100
+  run ip46tables -t $table -A $chain -j DROP
 }
 
 m4_divert(24)m4_dnl