Kaynağa Gözat
feat(zone.xml): allow to rate limit 'accept' in rich rules
The current rich_rule macro is supporting to set if the connection should be accepted or rejected or dropped but doesn't support setting rate limiting in the 'accept' case. Add code for that. Signed-off-by: Arnaud Patard <apatard@hupstream.com>tags/v1.2.0
Arnaud Patard
3 yıl önce
2 değiştirilmiş dosya ile 4 ekleme ve 4 silme
+ 1
- 1
firewalld/files/zone.xml
Dosyayı Görüntüle
| @@ -60,7 +60,7 @@ | |||
| <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit> | |||
| {%- endif %} | |||
| {%- if 'accept' in rule %} | |||
| <accept/> | |||
| <accept>{%- if rule.accept is mapping and 'limit' in rule.accept %} <limit value="{{ rule.accept.limit }}"/>{%- endif %}</accept> | |||
| {%- endif %} | |||
| {%- if 'reject' in rule %} | |||
| <reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %} /> | |||
+ 3
- 3
test/integration/default/controls/zones_spec.rb
Dosyayı Görüntüle
| @@ -31,7 +31,7 @@ control 'zones/public.xml configuration' do | |||
| <source-port port="4444" protocol="tcp" /> | |||
| <rule family="ipv4"> | |||
| <source address="8.8.8.8/24" /> | |||
| <accept/> | |||
| <accept></accept> | |||
| </rule> | |||
| <rule family="ipv4"> | |||
| <source ipset="fail2ban-ssh" /> | |||
| @@ -59,12 +59,12 @@ control 'zones/rich_public.xml configuration' do | |||
| <rule> | |||
| <source ipset="fail2ban-ssh" /> | |||
| <service name="ssh" /> | |||
| <accept/> | |||
| <accept></accept> | |||
| </rule> | |||
| <rule> | |||
| <source ipset="other-ipset" /> | |||
| <service name="ssh" /> | |||
| <accept/> | |||
| <accept></accept> | |||
| </rule> | |||
| </zone> | |||
| ZONE_XML | |||
Yükleniyor…