From 56f6397ec3e60052dce31b6417ff64572b880897 Mon Sep 17 00:00:00 2001
From: xchaos <xchaos@251d49ef-1d17-4917-a970-b30cf55b089b>
Date: Fri, 13 Oct 2017 14:18:02 +0000
Subject: [PATCH] limit pkts (hide obsolete iptables branch, limit number of
 rules)

git-svn-id: https://dev.arachne.cz/repos/prometheus/trunk@260 251d49ef-1d17-4917-a970-b30cf55b089b
---
 prometheus.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/prometheus.c b/prometheus.c
index 4c8b8ea..71b2a32 100644
--- a/prometheus.c
+++ b/prometheus.c
@@ -1266,15 +1266,18 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
                 chain, ip->addr, ip->mask, interface->name, limit_pkts);
    iptables_save_line(str, ip->v6);
 
-   /* classify overlimit packets to separate overlimit class */
-   sprintf(str, "-A %s -d %s/%d -o %s -j %s%d",
-                chain, ip->addr, ip->mask,
-                interface->name, mark_iptables, OVERLIMIT_CLASS);
-   iptables_save_line(str, ip->v6);
-
-   sprintf(str, "-A %s -d %s/%d -o %s -j ACCEPT",
-                chain, ip->addr, ip->mask, interface->name);
-   iptables_save_line(str, ip->v6);
+   if(limit_pkts)
+   {
+    /* classify overlimit packets to separate overlimit class */
+    sprintf(str, "-A %s -d %s/%d -o %s -j %s%d",
+                 chain, ip->addr, ip->mask,
+                 interface->name, mark_iptables, OVERLIMIT_CLASS);
+    iptables_save_line(str, ip->v6);
+
+    sprintf(str, "-A %s -d %s/%d -o %s -j ACCEPT",
+                 chain, ip->addr, ip->mask, interface->name);
+    iptables_save_line(str, ip->v6);
+   }
 
    if(ip->min)
    {
-- 
2.30.2