Beta 2 is now available for testing. In addition to correcting a defect
reported by Steven Springl, Beta 2 supports per-IP log rate limiting:
Per-ip log rate limiting has been added in the form of the LOGLIMIT
option in shorewall.conf. When LOGLIMIT is specified, LOGRATE and
LOGBURST are ignored.
LOGRATE and LOGBURST are now deprecated.
LOGLIMIT''s value format is
[{s|d}:]<rate>[/<unit>][:<burst>]
If the value starts with ''s:'' then logging is limited per
source
IP. If the value starts with ''d:'', then logging is limited
per
destination IP. Otherwise, the overall logging rate is limited.
<unit> is one of sec, min, hour, day; default is sec.
If <burst> is not specified, then a value of 5 is assumed.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share
of $1 Million in cash or HP Products. Visit us here for more details:
http://p.sf.net/sfu/dev2dev-palm
Tom If LOGLIMIT=4/sec:8 is specified then the following message is produced: ERROR: Invalid rate (4/sec:8) If LOGLIMT=s:0/sec:8 is specified then the following messge is produced: iptables-restore v1.4.8: hashlimit: Bad value for "--hashlimit-upto" option: "0/sec" If LOGLIMIT=s:4/sec:0 is specified then the following messages are produced: iptables: Numerical result out of range. ERROR: Command "/usr/local/sbin/iptables -A log49 -m hashlimit --hashlimit 4/sec --hashlimit-burst 0 --hashlimit-name lograte --hashlimit-mode srcip -j NFLOG --nflog-prefix "Shorewall:wan_dnat:DNAT:" -m comment --comment "LOTS OF BRIDGE RULES"" Failed Steven. ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm
On 7/29/10 3:18 PM, Steven Jan Springl wrote:> If LOGLIMIT=4/sec:8 is specified then the following message is produced: > > ERROR: Invalid rate (4/sec:8)Brain cramp -- I decided to deprecate LOGRATE and LOGBURST but didn''t add the code to allow this form for LOGLIMIT.> > If LOGLIMT=s:0/sec:8 is specified then the following messge is produced: > > iptables-restore v1.4.8: hashlimit: Bad value for "--hashlimit-upto" > option: "0/sec" > > If LOGLIMIT=s:4/sec:0 is specified then the following messages are produced: > > iptables: Numerical result out of range. > ERROR: Command "/usr/local/sbin/iptables -A log49 -m hashlimit --hashlimit > 4/sec --hashlimit-burst 0 --hashlimit-name lograte --hashlimit-mode srcip -j > NFLOG --nflog-prefix "Shorewall:wan_dnat:DNAT:" -m comment --comment "LOTS > OF BRIDGE RULES"" FailedEditing of values has been improved. Please try the attached patch. Thanks for testing, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm
On Friday 30 July 2010 00:42:04 Tom Eastep wrote:> Editing of values has been improved. Please try the attached patch. > > Thanks for testing, Steven > > -TomTom That''s fixed it. Thanks. Steven. ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm