authorTimo Teräs <timo.teras@iki.fi>2013-08-02 16:12:37 +0300
committerTimo Teräs <timo.teras@iki.fi>2013-08-02 16:13:44 +0300
commit3d98689f2ea09936e851b6e376d14bdd43e56c4e (patch)
tree490bcd02651b39b25d3b75ff01a8e9329a851c2b /main/awall
parent31daf16a5b34c32101c7309a0dfd8aba81789940 (diff)
main/awall: fix burstyness of rate limits
Diffstat (limited to 'main/awall')
-rw-r--r--main/awall/0001-limit-packet-connection-rate-per-source-IP.patch (renamed from main/awall/use-hashlimit.patch)11
-rw-r--r--main/awall/0002-fix-ratelimiting-to-work-with-bursts-properly.patch25
-rw-r--r--main/awall/APKBUILD14
3 files changed, 45 insertions, 5 deletions
diff --git a/main/awall/use-hashlimit.patch b/main/awall/0001-limit-packet-connection-rate-per-source-IP.patch
index e8d768d39cd..e7767b91d7e 100644
--- a/main/awall/use-hashlimit.patch
+++ b/main/awall/0001-limit-packet-connection-rate-per-source-IP.patch
@@ -1,3 +1,12 @@
+From 085e778404e3058cc2b803d4d0fbd106abad8bd0 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Fri, 2 Aug 2013 12:31:12 +0300
+Subject: [PATCH] limit packet/connection rate per source IP
+
+---
+ awall/modules/filter.lua | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua
index f01b586..d21b79e 100644
--- a/awall/modules/filter.lua
@@ -11,4 +20,6 @@ index f01b586..d21b79e 100644
target=logchain(self.log, 'accept', 'ACCEPT')
},
{target='DROP'}
+--
+1.8.3.3
diff --git a/main/awall/0002-fix-ratelimiting-to-work-with-bursts-properly.patch b/main/awall/0002-fix-ratelimiting-to-work-with-bursts-properly.patch
new file mode 100644
index 00000000000..40e40cbf172
--- /dev/null
+++ b/main/awall/0002-fix-ratelimiting-to-work-with-bursts-properly.patch
@@ -0,0 +1,25 @@
+From 13bf8b6ab664bcd0b11c2a6dbf9eb3cd319062cd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Fri, 2 Aug 2013 16:10:08 +0300
+Subject: [PATCH] fix ratelimiting to work with bursts properly
+
+---
+ awall/modules/filter.lua | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua
+index d21b79e..bdf6ae6 100644
+--- a/awall/modules/filter.lua
++++ b/awall/modules/filter.lua
+@@ -212,7 +212,7 @@ function Filter:extraoptfrags()
+ if count > RECENT_MAX_COUNT then
+ ofrags = {
+ {
+- opts='-m hashlimit --hashlimit-upto '..count..'/second --hashlimit-mode srcip --hashlimit-name '..chain,
++ opts='-m hashlimit --hashlimit-upto '..count..'/second --hashlimit-burst '..count..' --hashlimit-mode srcip --hashlimit-name '..chain,
+ target=logchain(self.log, 'accept', 'ACCEPT')
+ },
+ {target='DROP'}
+--
+1.8.3.3
+
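Review bot: The hashlimit rule built on the `opts=` line uses `--hashlimit-mode srcip` without `--hashlimit-srcmask`, so if this fragment is also emitted for ip6tables (not visible here) every /128 address gets its own bucket of `count`/second with burst `count`, which makes the per-source limit far looser for IPv6 than for IPv4. Consider appending `--hashlimit-srcmask 64` when the rule is generated for the IPv6 family, and a comment above the rule such as `-- burst = count: allow one second's worth at once (hashlimit's default burst is 5)`. It is also worth confirming that `chain` always fits hashlimit's name length limit, since it is passed unmodified as `--hashlimit-name`. Filter:extraoptfrags begins and ends outside the hunk, so how `count` is derived from the configured interval cannot be checked from here.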
diff --git a/main/awall/APKBUILD b/main/awall/APKBUILD
index 8526b4b3d05..c3a20afbd99 100644
--- a/main/awall/APKBUILD
+++ b/main/awall/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
pkgname=awall
pkgver=0.3.1
-pkgrel=1
+pkgrel=2
pkgdesc="Alpine Wall"
url=http://git.alpinelinux.org/cgit/awall/
arch=noarch
@@ -11,7 +11,8 @@ replaces="awall-nat"
depends="bind-tools ip6tables ipset iptables lua lua-alt-getopt lua-filesystem lua-json4 lua-pc lua-signal lua-sleep lua-stringy xtables-addons"
subpackages=$pkgname-masquerade
source="http://dev.alpinelinux.org/archive/awall/awall-${pkgver}.tar.bz2
- use-hashlimit.patch"
+ 0001-limit-packet-connection-rate-per-source-IP.patch
+ 0002-fix-ratelimiting-to-work-with-bursts-properly.patch"
_builddir=$srcdir/awall-${pkgver}
@@ -44,8 +45,11 @@ masquerade() {
}
md5sums="b0547d6c2a90515b0fd66b3b9cf80ad6 awall-0.3.1.tar.bz2
-502dfb94d8211304c3f119aa4e0005f3 use-hashlimit.patch"
+57f9e9816be3fb679581d4c8db664989 0001-limit-packet-connection-rate-per-source-IP.patch
+97a2f33572504e62b4d2d9d1d7f22bc8 0002-fix-ratelimiting-to-work-with-bursts-properly.patch"
sha256sums="7780a298b2f09ec959974e5f6fc5c64c196aa8c33b2bc0135a15dcfcb315cacb awall-0.3.1.tar.bz2
-26da6858a9a583bdc280e2c42522607f2d449228e9e7a13fe6635522180cfa45 use-hashlimit.patch"
+dcfb077003977bbe68c5587ed379c288ca9ea8d64d69b8edd46425d9feccde02 0001-limit-packet-connection-rate-per-source-IP.patch
+433b0e227e8966845314f8285c4856591776e310cd8ecba40e6d8076f4195890 0002-fix-ratelimiting-to-work-with-bursts-properly.patch"
sha512sums="5e4e150812899dd47ff607e5701e59fa17b4889c4dd2f60df864d3f831d28f89ac277789e7de6bb70a1578723f7e8782a3fccb3a645aeec35a013b8e62c01880 awall-0.3.1.tar.bz2
-542d0bd3eb6a8e336460c2cca56b01c4c2d3ea2ce92f975429bd22078882caad3404e915fd48d2cb311caa585002b484311b0f2bff032494f1efe26cb7756ebe use-hashlimit.patch"
+48fe9549aa70d37a0b63dc61a47ef4540666aa6616d01b6db9bc48657b3d9cdcb7ee7421cde7fce3a7945687bd6e621aa9cac228d2cf93161b368fd356b2c9fc 0001-limit-packet-connection-rate-per-source-IP.patch
+702f8ecf5260de9491bf606d929f31f0c7ba23c4a93513411e519907b1694a948ce1118098a5eafaeec856a4cd6a1f95173c4b5172355146b1999795337bf711 0002-fix-ratelimiting-to-work-with-bursts-properly.patch"