From: Luca Filipozzi <lfilipoz@emyr.net>
Date: Sat, 12 Jan 2013 23:10:09 +0000 (+0000)
Subject: cut down on log entries
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=0342b6075bff7217a4f16a85bebee4da586749a4

cut down on log entries
---

diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index a88d797c..5b38e34c 100644
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -16,8 +16,8 @@ domain ip {
               }
 
               chain log_or_drop {
-                      mod hashlimit hashlimit-name ulogreject  hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject;
-                      mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second ULOG ulog-prefix "DROP: ";
+                      mod hashlimit hashlimit-name ulogreject  hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second jump log_and_reject;
+                      mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second ULOG ulog-prefix "DROP: ";
                       DROP;
               }
 
@@ -32,8 +32,8 @@ domain ip6 {
               }
 
               chain log_or_drop {
-                      mod hashlimit hashlimit-name logreject  hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject;
-                      mod hashlimit hashlimit-name loglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second LOG log-prefix "DROP: ";
+                      mod hashlimit hashlimit-name logreject  hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second jump log_and_reject;
+                      mod hashlimit hashlimit-name loglogdrop hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second LOG log-prefix "DROP: ";
                       DROP;
               }
         }