functions.m4: Rate-limit rejections on error chains.

author Mark Wooding <mdw@distorted.org.uk>

Sat, 23 Jul 2011 10:18:26 +0000 (11:18 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Sat, 23 Jul 2011 10:18:26 +0000 (11:18 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Sat, 23 Jul 2011 10:18:26 +0000 (11:18 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Sat, 23 Jul 2011 10:18:26 +0000 (11:18 +0100)
diff --git a/functions.m4 b/functions.m4

index 5cc70f8..b2e3cb6 100644 (file)
--- a/functions.m4
+++ b/functions.m4
@@ -104,7 +104,9 @@ errorchain () {
    run ip46tables -t $table -A $chain -j LOG \
           -m limit --limit 3/minute --limit-burst 10 \
           --log-prefix "fw: $chain " --log-level notice
-  run ip46tables -t $table -A $chain -j "$@"
+  run ip46tables -t $table -A $chain -j "$@" \
+         -m limit --limit 20/second --limit-burst 100
+  run ip46tables -t $table -A $chain -j DROP
  }
  
  m4_divert(24)m4_dnl
author	Mark Wooding <mdw@distorted.org.uk>
	Sat, 23 Jul 2011 10:18:26 +0000 (11:18 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Sat, 23 Jul 2011 10:18:26 +0000 (11:18 +0100)