57
57
self.chains['misc'].append(chain_prefix + "-logging-deny")
58
58
self.chains['misc'].append(chain_prefix + "-logging-allow")
60
# The default log rate limiting rule
61
self.ufw_user_limit_log = ['ufw-user-limit', '-m', 'limit', \
62
'--limit', '3/minute', '-j', 'LOG', \
64
self.ufw_user_limit_log_text = "[UFW LIMIT BLOCK]"
60
66
def get_default_policy(self, primary="input"):
61
67
'''Get current policy'''
62
68
policy = "default_" + primary + "_policy"
717
725
ufw.util.write_to_file(fd, "### END LOGGING ###\n")
727
# Rate limiting only supported with IPv4
719
728
if chain_prefix == "ufw":
720
729
ufw.util.write_to_file(fd, "\n### RATE LIMITING ###\n")
721
# Rate limiting only supported with IPv4
722
ufw.util.write_to_file(fd, "-A " + chain_prefix + "-user-limit -m limit " + \
723
"--limit 3/minute -j LOG --log-prefix " + \
724
"\"[UFW LIMIT BLOCK] \"\n")
725
ufw.util.write_to_file(fd, "-A " + chain_prefix + "-user-limit -j REJECT\n")
726
ufw.util.write_to_file(fd, "-A " + chain_prefix + "-user-limit-accept -j ACCEPT\n")
730
if self.defaults['loglevel'] != "off":
731
ufw.util.write_to_file(fd, "-A " + \
732
" ".join(self.ufw_user_limit_log) + \
733
" \"" + self.ufw_user_limit_log_text + " \"\n")
734
ufw.util.write_to_file(fd, "-A " + chain_prefix + \
735
"-user-limit -j REJECT\n")
736
ufw.util.write_to_file(fd, "-A " + chain_prefix + \
737
"-user-limit-accept -j ACCEPT\n")
727
738
ufw.util.write_to_file(fd, "### END RATE LIMITING ###\n")
729
740
ufw.util.write_to_file(fd, "COMMIT\n")
999
1010
err_msg = _("Couldn't update rules file for logging")
1000
1011
UFWError(err_msg)
1013
# Don't update the running firewall if not enabled
1014
if not self._is_enabled():
1002
1017
# make sure all the chains are here, it's redundant but helps make
1003
1018
# sure the chains are in a consistent state
1004
1019
err_msg = _("Could not update running firewall")
1030
1045
except Exception:
1031
1046
raise UFWError(err_msg)
1048
# Always delete this and re-add it so that we don't have extras
1049
self._chain_cmd('ufw-user-limit', ['-D'] + self.ufw_user_limit_log + \
1050
[self.ufw_user_limit_log_text + " "], \
1053
if self.defaults["loglevel"] != "off":
1054
self._chain_cmd('ufw-user-limit', ['-I'] + \
1055
self.ufw_user_limit_log + \
1056
[self.ufw_user_limit_log_text + " "], \
1033
1059
def _get_logging_rules(self, level):
1034
1060
'''Get rules for specified logging level'''
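Review bot: The context line `UFWError(err_msg)` at new line 1011 constructs the exception but never raises it, so a failure to rewrite the rules file for logging is silently ignored and execution continues into the added `_is_enabled()` check and the running-firewall update. The on-disk rules and the live `ufw-user-limit` chain can then disagree about whether limit hits are logged; the line should read `raise UFWError(err_msg)`, as at new line 1046. Separately, the added `-D` call removes at most one matching LOG rule per invocation, so the comment "so that we don't have extras" only holds if no duplicates already exist. The rest of that call (new lines 1051-1052) is not visible here, so confirm it tolerates the rule being absent. The enclosing method begins outside the visible hunk.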