limit pkts (hide obsolete iptables branch, limit number of rules)

git-svn-id: https://dev.arachne.cz/repos/prometheus/trunk@260 251d49ef-1d17-4917-a970-b30cf55b089b

diff --git a/prometheus.c b/prometheus.c
index 4c8b8eaa42892b4cf389c9ea9a77719cda50d5bd..71b2a32e13c9a8188cac8dea38a67d22d0736e42 100644 (file)
--- a/prometheus.c
+++ b/prometheus.c
@@ -1266,15 +1266,18 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
                 chain, ip->addr, ip->mask, interface->name, limit_pkts);\r
    iptables_save_line(str, ip->v6);\r
 \r
-   /* classify overlimit packets to separate overlimit class */\r
-   sprintf(str, "-A %s -d %s/%d -o %s -j %s%d",\r
-                chain, ip->addr, ip->mask,\r
-                interface->name, mark_iptables, OVERLIMIT_CLASS);\r
-   iptables_save_line(str, ip->v6);\r
-\r
-   sprintf(str, "-A %s -d %s/%d -o %s -j ACCEPT",\r
-                chain, ip->addr, ip->mask, interface->name);\r
-   iptables_save_line(str, ip->v6);\r
+   if(limit_pkts)\r
+   {\r
+    /* classify overlimit packets to separate overlimit class */\r
+    sprintf(str, "-A %s -d %s/%d -o %s -j %s%d",\r
+                 chain, ip->addr, ip->mask,\r
+                 interface->name, mark_iptables, OVERLIMIT_CLASS);\r
+    iptables_save_line(str, ip->v6);\r
+\r
+    sprintf(str, "-A %s -d %s/%d -o %s -j ACCEPT",\r
+                 chain, ip->addr, ip->mask, interface->name);\r
+    iptables_save_line(str, ip->v6);\r
+   }\r
 \r
    if(ip->min)\r
    {\r