diff options
| author | pierrepomes <pierre.pomes@interface-tech.com> | 2009-11-16 16:43:50 -0500 |
|---|---|---|
| committer | pierrepomes <pierre.pomes@interface-tech.com> | 2009-11-16 16:43:50 -0500 |
| commit | 26dd6a541d0e6d3fac351e5dd8fcc18894a1095a (patch) | |
| tree | 7ba2efea60986af1db394c8245dceb0933111066 /etc | |
| parent | 6593dae66735f668fb169cdbbf88ef9c1aa9241c (diff) | |
| download | pfsense-26dd6a541d0e6d3fac351e5dd8fcc18894a1095a.zip pfsense-26dd6a541d0e6d3fac351e5dd8fcc18894a1095a.tar.gz | |
Add support for 'max-src-conn' PF feature, to limit the maximum number of established connections per host
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 3d9936f..3586e4f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1464,7 +1464,7 @@ function filter_generate_user_rule($rule) if ($type == "pass") { if (isset($rule['allowopts'])) $aline['allowopts'] = " allow-opts "; - if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-states']) ) + if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-conn']) or isset($rule['max-src-states']) ) if($rule['protocol'] == "tcp") $aline['flags'] = "flags S/SA "; /* @@ -1501,6 +1501,7 @@ function filter_generate_user_rule($rule) if ($noadvoptions == false || $l7_present) if( isset($rule['source-track']) and $rule['source-track'] <> "" or isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "" or + isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "" or isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "" or isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "" or isset($rule['max-src-states']) and $rule['max-src-states'] <> "" or @@ -1511,6 +1512,8 @@ function filter_generate_user_rule($rule) $aline['flags'] .= "source-track rule "; if(isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "") $aline['flags'] .= "max-src-nodes " . $rule['max-src-nodes'] . " "; + if(isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "") + $aline['flags'] .= "max-src-conn " . $rule['max-src-conn'] . " "; if(isset($rule['max-src-states']) and $rule['max-src-states'] <> "") $aline['flags'] .= "max-src-states " . $rule['max-src-states'] . " "; if(isset($rule['statetimeout']) and $rule['statetimeout'] <> "") |
