author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-12-09 22:55:30 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-01-14 18:54:39 +0100 |
commit | 3f5ef7d63f9ef70855dedd9b5aa7eba2f63a1ec7 (patch) | |
tree | f4defb46c5fd28345ebb21c0c3828e1eb0cd23b4 /src/scanner.l | |
parent | 510e800e72e177a9070129b63fa232f065f54c02 (diff) |
src: support limit rate over value

So far it was only possible to match packets under a rate limit; this
patch allows you to explicitly indicate if you want to match packets
that go over or until the rate limit, e.g.

    ... limit rate over 3/second counter log prefix "OVERLIMIT: " drop
    ... limit rate over 3 mbytes/second counter log prefix "OVERLIMIT: " drop
    ... ct state invalid limit rate until 1/second counter log prefix "INVALID: "

When listing rate limit until, this shows:

    ... ct state invalid limit rate 1/second counter log prefix "INVALID: "

thus, the existing syntax is still valid (i.e. default to rate limit until).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'src/scanner.l')
-rw-r--r-- | src/scanner.l | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/scanner.l b/src/scanner.l index a98e7b6a..e5ac8aa7 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -312,6 +312,8 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "limit" { return LIMIT; } "rate" { return RATE; } "burst" { return BURST; } +"until" { return UNTIL; } +"over" { return OVER; } "nanosecond" { return NANOSECOND; } "microsecond" { return MICROSECOND; } |
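
Review bot: the new "until" and "over" rules sit in the same keyword list as "rate" and "burst", so if that list is matched in the scanner's default state, both words stop lexing as plain strings anywhere in a ruleset, not only after `limit rate`. Existing rulesets that use `over` or `until` as a table, chain or set name could then fail to load after an upgrade, which for a firewall means the filtering policy is not applied. Please check that such names still parse (for example by accepting these tokens where the grammar takes an identifier), or state in the commit message that the two words are now reserved. This view is limited to src/scanner.l, so the matching UNTIL and OVER token declarations are not visible here and should be confirmed in the parser part of the same commit.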