On 07/14/2018 06:33 AM, Steven Jan Springl wrote: > Tom > > In the attached config. policy rule: > > lan $FW ACCEPT warn 1/min:2 > > Generates iptables rule: > > -A @lan2fw -m limit --limit 1/min --limit-burst 2 > --hashlimit-htable-expire 60000 -j RETURN > > Which produces error: > > iptables-restore v1.4.21: unknown option "--hashlimit-htable-expire" >
Steven, The attached patch seems to correct the problem. Thanks! -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 5b6e369d1..0adcd8d3f 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -5444,8 +5444,10 @@ sub do_ratelimit( $$ ) {
$limit .= " --hashlimit-htable-size $htsize --hashlimit-htable-max $max";
}
- $limit .= " --hashlimit-mode $mode" if $mode;
- $units = $10;
+ if ( $mode ) {
+ $limit .= " --hashlimit-mode $mode";
+ $units = $10;
+ }
} else {
fatal_error "Invalid rate ($rate)";
}
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
