From 66c6cc3853019556307ca220ec3c9f09c7f0ffde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?=
Date: Wed, 22 Jun 2011 15:47:23 +0200
Subject: [PATCH] Avoid log flood
---
 debian/changelog | 7 +++++++
 firewall | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index db349bd..025f6f0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+eofirewall (0.1-20110621.3) unstable; urgency=low
+
+ * Add an example for the ssh whitelist
+ * Fix WAN outgoing traffic from lan
+
+ -- Jérôme Schneider Tue, 21 Jun 2011 19:35:17 +0200
+
 eofirewall (0.1-20110621.2) unstable; urgency=low
 
 * Add a whitelist for ssh
diff --git a/firewall b/firewall
index 2840038..b03bea3 100755
--- a/firewall
+++ b/firewall
@@ -277,7 +277,9 @@ start()
 ## LOG
 ## Create a LOGDROP chain to log and drop packets
 $IPTABLES -N LOGDROP
- $IPTABLES -A LOGDROP -j LOG --log-prefix "iptables: " --log-level 4
+ $IPTABLES -A LOGDROP -p tcp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied tcp: " --log-level 4
+ $IPTABLES -A LOGDROP -p udp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied udp: " --log-level 4
+ $IPTABLES -A LOGDROP -p icmp -m limit --limit 1/min -j LOG --log-prefix "iptables: denied icmp: " --log-level 4
 $IPTABLES -A LOGDROP -j DROP
 $IPTABLES -A INPUT -j LOGDROP
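Review bot: The `-m limit --limit 1/min` on the three new LOGDROP rules is one global bucket per protocol, so once the default burst of 5 is used up only one denied packet per minute is logged and a single noisy source can keep every other host's drops out of the log. If the goal is only to stop the flood, a per-source limit keeps the log useful for investigation, for example `-m hashlimit --hashlimit-upto 1/min --hashlimit-mode srcip --hashlimit-name logdrop-tcp` in place of `-m limit --limit 1/min`, or at least an explicit `--limit-burst` so the behaviour is visible in the script. The removed rule had no `-p`, so packets of any protocol other than tcp, udp and icmp now reach `-j DROP` without a log entry; if that is intended, a comment above the rules such as `## only tcp/udp/icmp drops are logged, rate-limited to avoid log flood` would record it. The body of start() continues outside the hunk.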