瀏覽代碼

feat(zone.xml): allow to rate limit 'accept' in rich rules

The current rich_rule macro is supporting to set if the connection
should be accepted or rejected or dropped but doesn't support setting
rate limiting in the 'accept' case. Add code for that.

Signed-off-by: Arnaud Patard <apatard@hupstream.com>
tags/v1.2.0
Arnaud Patard 3 年之前
父節點
當前提交
a2f4f3b36e
共有 2 個檔案被更改,包括 4 行新增4 行删除
  1. +1
    -1
      firewalld/files/zone.xml
  2. +3
    -3
      test/integration/default/controls/zones_spec.rb

+ 1
- 1
firewalld/files/zone.xml 查看文件

@@ -60,7 +60,7 @@
<audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit>
{%- endif %}
{%- if 'accept' in rule %}
<accept/>
<accept>{%- if rule.accept is mapping and 'limit' in rule.accept %} <limit value="{{ rule.accept.limit }}"/>{%- endif %}</accept>
{%- endif %}
{%- if 'reject' in rule %}
<reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %} />

+ 3
- 3
test/integration/default/controls/zones_spec.rb 查看文件

@@ -31,7 +31,7 @@ control 'zones/public.xml configuration' do
<source-port port="4444" protocol="tcp" />
<rule family="ipv4">
<source address="8.8.8.8/24" />
<accept/>
<accept></accept>
</rule>
<rule family="ipv4">
<source ipset="fail2ban-ssh" />
@@ -59,12 +59,12 @@ control 'zones/rich_public.xml configuration' do
<rule>
<source ipset="fail2ban-ssh" />
<service name="ssh" />
<accept/>
<accept></accept>
</rule>
<rule>
<source ipset="other-ipset" />
<service name="ssh" />
<accept/>
<accept></accept>
</rule>
</zone>
ZONE_XML

Loading…
取消
儲存