feat: add limit:burst and connlimit:mask fields to policies

2026-03-01 11:18:26 +01:00
parent 3dc97df6cd
commit e05e9d5975
5 changed files with 47 additions and 2 deletions
--- a/backend/alembic/versions/0008_policy_add_limit_connlimit.py
+++ b/backend/alembic/versions/0008_policy_add_limit_connlimit.py
@@ -0,0 +1,23 @@
+"""add limit_burst and connlimit_mask to policies
+
+Revision ID: 0008
+Revises: 0007
+Create Date: 2026-03-01
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = "0008"
+down_revision = "0007"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.add_column("policies", sa.Column("limit_burst", sa.String(64), server_default="''", nullable=False))
+    op.add_column("policies", sa.Column("connlimit_mask", sa.String(32), server_default="''", nullable=False))
+
+
+def downgrade() -> None:
+    op.drop_column("policies", "connlimit_mask")
+    op.drop_column("policies", "limit_burst")
--- a/backend/app/models.py
+++ b/backend/app/models.py
@@ -76,6 +76,8 @@ class Policy(Base):
    dst_zone_id: Mapped[int | None] = mapped_column(Integer, ForeignKey("zones.id"), nullable=True)
    policy: Mapped[str] = mapped_column(String(16), nullable=False)
    log_level: Mapped[str] = mapped_column(String(16), default="")
+    limit_burst: Mapped[str] = mapped_column(String(64), default="")
+    connlimit_mask: Mapped[str] = mapped_column(String(32), default="")
    comment: Mapped[str] = mapped_column(Text, default="")
    position: Mapped[int] = mapped_column(Integer, default=0)

--- a/backend/app/schemas.py
+++ b/backend/app/schemas.py
@@ -93,6 +93,8 @@ class PolicyCreate(BaseModel):
    dst_zone_id: Optional[int] = None
    policy: str
    log_level: str = ""
+    limit_burst: str = ""
+    connlimit_mask: str = ""
    comment: str = ""
    position: int = 0

@@ -102,6 +104,8 @@ class PolicyUpdate(BaseModel):
    dst_zone_id: Optional[int] = None
    policy: Optional[str] = None
    log_level: Optional[str] = None
+    limit_burst: Optional[str] = None
+    connlimit_mask: Optional[str] = None
    comment: Optional[str] = None
    position: Optional[int] = None

@@ -113,6 +117,8 @@ class PolicyOut(BaseModel):
    dst_zone_id: Optional[int]
    policy: str
    log_level: str
+    limit_burst: str
+    connlimit_mask: str
    comment: str
    position: int

--- a/backend/app/shorewall_generator.py
+++ b/backend/app/shorewall_generator.py
@@ -33,11 +33,21 @@ class ShorewallGenerator:
        return "".join(lines)

    def policy(self) -> str:
-        lines = [self._header("policy"), "#SOURCE".ljust(16) + "DEST".ljust(16) + "POLICY".ljust(16) + "LOG LEVEL\n"]
+        lines = [
+            self._header("policy"),
+            "#SOURCE".ljust(16) + "DEST".ljust(16) + "POLICY".ljust(16)
+            + "LOG LEVEL".ljust(16) + "LIMIT:BURST".ljust(20) + "CONNLIMIT:MASK\n",
+        ]
        for p in sorted(self._config.policies, key=lambda x: x.position):
            src = p.src_zone.name if p.src_zone else "all"
            dst = p.dst_zone.name if p.dst_zone else "all"
-            lines.append(self._col(src, dst, p.policy, p.log_level or "-"))
+            lines.append(self._col(
+                src, dst, p.policy,
+                p.log_level or "-",
+                p.limit_burst or "-",
+                p.connlimit_mask or "-",
+                width=16,
+            ))
        return "".join(lines)

    def rules(self) -> str: