Adapted version of

commit a45c84008ae27aae36a5a67c5f9b08bca64aaf55
Author: Jiri Popelka <jpopelka@redhat.com>
Date:   Tue Jan 6 18:00:49 2015 +0100

    Iptables doesn't like limit of 1/d (RHBZ#1176813)
    
    It should eventually be fixed in iptables;
    this is a workaround for broken versions.

diff --git a/doc/xml/firewalld.richlanguage.xml b/doc/xml/firewalld.richlanguage.xml
index 0556f20..39a9ec7 100644
--- a/doc/xml/firewalld.richlanguage.xml
+++ b/doc/xml/firewalld.richlanguage.xml
@@ -226,7 +226,7 @@ log [prefix="prefix text"] [level="log l
 	Log new connection attempts to the rule with kernel logging for example in syslog. You can define a prefix text that will be added to the log message as a prefix. Log level can be one of "<option>emerg</option>", "<option>alert</option>", "<option>crit</option>", "<option>error</option>", "<option>warning</option>", "<option>notice</option>", "<option>info</option>" or "<option>debug</option>", where default (i.e. if there's no one specified) is "<option>warning</option>". See <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry> for description of levels.
       </para>
       <para>
-	It is possible to limit logging: The rate is a natural positive number [1, ..], the duration is of "s", "m", "h", "d". "s" means seconds, "m" minutes, "h" hours and "d" days. The maximum limit value is "1/d" which means at maximum one log entry per day.
+	It is possible to limit logging: The rate is a natural positive number [1, ..], the duration is of "s", "m", "h", "d". "s" means seconds, "m" minutes, "h" hours and "d" days. The maximum limit value is "2/d" which means at maximum one log entry per day.
       </para>
     </refsect2>
 
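Review bot: the edited sentence in this hunk is now internally inconsistent: the `+` line changes the maximum limit value from "1/d" to "2/d" but still ends with 'which means at maximum one log entry per day'. "2/d" allows two log entries per day, so the sentence should read: The maximum limit value is "2/d" which means at maximum two log entries per day. It would also help the reader to say explicitly that "1/d" is rejected and why (the iptables bug referenced in the commit message), since the range is still described as "a natural positive number [1, ..]" a few words earlier, which suggests 1/d should be accepted.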
diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py
index 21dc86a..1c93d4f 100644
--- a/src/firewall/core/rich.py
+++ b/src/firewall/core/rich.py
@@ -183,6 +183,10 @@ class Rich_Limit(object):
         if 10000 * mult / rate == 0:
             raise FirewallError(INVALID_LIMIT, "%s too fast" % self.value)
 
+        if rate == 1 and duration == "d":
+            # iptables (v1.4.21) doesn't accept 1/d
+            raise FirewallError(INVALID_LIMIT, "%s too slow" % self.value)
+
     def __str__(self):
         return 'limit value="%s"' % (self.value)