+13
-1
@@ -130,11 +130,23 @@ int init_nftables_rules(void) {
|
|||||||
|
|
||||||
/* 删除旧的限速规则(如果存在) */
|
/* 删除旧的限速规则(如果存在) */
|
||||||
snprintf(command, sizeof(command),
|
snprintf(command, sizeof(command),
|
||||||
"nft -a list chain %s input 2>/dev/null | grep -E 'ssh-ratelimit.*tcp dport' | awk '{print $NF}' | "
|
"nft -a list chain %s input 2>/dev/null | grep -E 'tcp dport.*ssh-ratelimit' | awk '{print $NF}' | "
|
||||||
"xargs -r -I {} nft delete rule %s input handle {}",
|
"xargs -r -I {} nft delete rule %s input handle {}",
|
||||||
NFT_TABLE, NFT_TABLE);
|
NFT_TABLE, NFT_TABLE);
|
||||||
system(command);
|
system(command);
|
||||||
|
|
||||||
|
/* 重建动态集合以清空旧的限速记录 */
|
||||||
|
snprintf(command, sizeof(command),
|
||||||
|
"nft delete set %s ssh-ratelimit 2>/dev/null; "
|
||||||
|
"nft add set %s ssh-ratelimit '{ type ipv4_addr; size 65535; flags dynamic,timeout; }'",
|
||||||
|
NFT_TABLE, NFT_TABLE);
|
||||||
|
system(command);
|
||||||
|
snprintf(command, sizeof(command),
|
||||||
|
"nft delete set %s ssh-ratelimit_v6 2>/dev/null; "
|
||||||
|
"nft add set %s ssh-ratelimit_v6 '{ type ipv6_addr; size 65535; flags dynamic,timeout; }'",
|
||||||
|
NFT_TABLE, NFT_TABLE);
|
||||||
|
system(command);
|
||||||
|
|
||||||
/* 添加新的限速规则:超速IP加入临时封禁集合 */
|
/* 添加新的限速规则:超速IP加入临时封禁集合 */
|
||||||
snprintf(command, sizeof(command),
|
snprintf(command, sizeof(command),
|
||||||
"nft add rule %s input tcp dport %d ct state new "
|
"nft add rule %s input tcp dport %d ct state new "
|
||||||
|
|||||||
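Review bot: Every `system(command)` call added in this hunk discards its exit status, so a failed `nft add set` goes unnoticed and the `nft add rule ... ct state new` command further down references whatever set state was left behind. That failure mode looks plausible here: the preceding `nft delete set ... 2>/dev/null` silences its own error, and if nftables refuses the delete (I believe it does while a rule still references the set, e.g. when the earlier grep-based rule removal matched nothing), the `;` still runs the add, which then fails because the set exists and the old timeout entries are never cleared. Check each status, for instance `if (system(command) != 0) { /* log: rebuilding set ssh-ratelimit in NFT_TABLE failed */ }`, or route all the snprintf/system pairs through one small static helper that logs a non-zero status; that helper would also absorb the near-identical v4/v6 set-rebuild blocks. Note that the delete-then-add of a `flags dynamic,timeout` set intentionally drops all current rate-limit entries, which deserves a comment stating that this reset is wanted on every init. init_nftables_rules begins and ends outside this hunk.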