Revision b10c6216
Set a customisable rate limit to the logging rules
manifests/init.pp | ||
---|---|---|
38 | 38 |
# * chain: Will be replaced by the name of the chain. |
39 | 39 |
# * comment: Allows chains to add extra comments. |
40 | 40 |
# |
41 |
# @param log_limit |
|
42 |
# String with the content of a limit statement to be applied |
|
43 |
# to the rules that log discarded traffic. Set to false to |
|
44 |
# disable rate limiting. |
|
45 |
# |
|
41 | 46 |
# @param reject_with |
42 | 47 |
# How to discard packets not matching any rule. If `false`, the |
43 | 48 |
# fate of the packet will be defined by the chain policy (normally |
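Review bot: the new `@param log_limit` description says "the content of a limit statement" but never shows what a valid value looks like. Consider adding an example of the expected form to the comment (for instance the `3/minute burst 5 packets` shape used as the default) and stating that with `false` the rules that log discarded traffic are not throttled at all, so the volume of log lines then follows the volume of dropped packets.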
... | ... | |
65 | 70 |
Boolean $in_out_conntrack = true, |
66 | 71 |
Hash $rules = {}, |
67 | 72 |
String $log_prefix = '[nftables] %<chain>s %<comment>s', |
73 |
Variant[Boolean[false], String] |
|
74 |
$log_limit = '3/minute burst 5 packets', |
|
68 | 75 |
Variant[Boolean[false], Pattern[ |
69 | 76 |
/icmp(v6|x)? type .+|tcp reset/]] |
70 | 77 |
$reject_with = 'icmpx type port-unreachable', |
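Review bot: `$log_limit` is typed `Variant[Boolean[false], String]`, so any string passes validation, including an empty one, while `$reject_with` directly below is constrained with a `Pattern`. Since the value is documented as the content of a limit statement that is applied to the logging rules, consider narrowing the type to a `Pattern` for the rate and optional burst form, or at least `String[1]`, so a malformed value is rejected at catalog compilation instead of ending up in a generated rule.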