Fix "accept with limit"
Chain names were created too long and only the first of IPv4 or IPv6
philwhineray committed Oct 15, 2014
1 parent b349e23 commit 6dd351f
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions sbin/firehol.in
@@ -4570,14 +4570,14 @@ rule_action_param() {
# to pass.
if [ "${do_accept_limit}" = "1" ]
then
local accept_limit_chain="`echo "ACCEPT LIMIT ${freq} ${burst} ${overflow}" | tr " /." "___"`"
local accept_limit_chain="`echo "ACC LIM ${freq} ${burst} ${overflow}" | tr " /." "___"`"

# does the chain we need already exist?
if [ ! -f "${FIREHOL_CHAINS_DIR}/${accept_limit_chain}" ]
if [ ! -f "${FIREHOL_CHAINS_DIR}/${accept_limit_chain}.${iptables_cmd}" ]
then
# the chain does not exist. create it.
$iptables_cmd ${table} -N "${accept_limit_chain}"
touch "${FIREHOL_CHAINS_DIR}/${accept_limit_chain}"
touch "${FIREHOL_CHAINS_DIR}/${accept_limit_chain}.${iptables_cmd}"

# first, if the traffic is not a NEW connection, allow it.
# doing this first will speed up normal traffic.
@@ -4640,14 +4640,14 @@ rule_action_param() {
# to pass.
if [ "${do_accept_recent}" = "1" ]
then
local accept_recent_chain="`echo "ACCEPT RECENT $name $seconds $hits" | tr " /." "___"`"
local accept_recent_chain="`echo "ACC REC $name $seconds $hits" | tr " /." "___"`"

# does the chain we need already exist?
if [ ! -f "${FIREHOL_CHAINS_DIR}/${accept_recent_chain}" ]
if [ ! -f "${FIREHOL_CHAINS_DIR}/${accept_recent_chain}.${iptables_cmd}" ]
then
# the chain does not exist. create it.
$iptables_cmd ${table} -N "${accept_recent_chain}"
touch "${FIREHOL_CHAINS_DIR}/${accept_recent_chain}"
touch "${FIREHOL_CHAINS_DIR}/${accept_recent_chain}.${iptables_cmd}"

# first, if the traffic is not a NEW connection, allow it.
# doing this first will speed up normal traffic.
@@ -4679,11 +4679,11 @@ rule_action_param() {
local -a action_param=()

# does the knock chain exists?
if [ ! -f "${FIREHOL_CHAINS_DIR}/${name}" ]
if [ ! -f "${FIREHOL_CHAINS_DIR}/${name}.${iptables_cmd}" ]
then
# the chain does not exist. create it.
$iptables_cmd ${table} -N "${name}"
touch "${FIREHOL_CHAINS_DIR}/${name}"
touch "${FIREHOL_CHAINS_DIR}/${name}.${iptables_cmd}"

$iptables_cmd -A "${name}" -m conntrack --ctstate ESTABLISHED -j ACCEPT
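Review bot: The marker file in all three hunks is now keyed on `${iptables_cmd}` but still not on `${table}`, even though the chain is created with `$iptables_cmd ${table} -N ...`; if rule_action_param is ever reached for a second table with the same parameters, the marker is found, `-N` is skipped, and that table has no such chain — the same failure this commit fixes for IPv4 versus IPv6. Consider adding a sanitized table tag to the marker, e.g. `touch "${FIREHOL_CHAINS_DIR}/${accept_limit_chain}.${iptables_cmd}.${table_tag}"` with `table_tag` produced from `${table}` by the same `tr " /." "___"`. Shortening the prefix to `ACC LIM` / `ACC REC` also does not bound the result: iptables enforces a fixed chain-name limit (under 29 characters in current releases) and `$name` in the recent chain is caller-supplied, so an explicit length check before `-N` would fail more clearly than the abbreviation alone. In the knock hunk `${name}` goes into the marker path without the `tr` sanitizing the other two get, and the `-A` line there omits `${table}`; both are worth confirming. The function starts and ends outside these hunks.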
