On Mar 11 2007 18:14, Pascal Hambourg wrote:
>> I can't add connlimit rule? What's wrong? Any suggestion?
>>
>> -----------------------------------------
>> iptables -m connlimit -h
>> connlimit v1.3.7 options:
>> [!] --connlimit-above n match if the number of existing tcp
>> connections is (not) above n
>> --connlimit-mask n group hosts using mask
>>
>> -----------------------------------------
>> RouterBM:/home/kopecek# iptables -A FORWARD -p tcp -s 10.88.99.71 -m connlimit \
>>     --connlimit-above 300 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
>> iptables: No chain/target/match by that name
>
> Your kernel probably does not support the connlimit match. The connlimit
> match is not part of the standard kernel. It used to be included as a kernel
> patch in the patch-o-matic-ng, but has been removed from the daily snapshots
> since 2006/07/26.
connlimit is still there (not in pomng though), it's out-of-out-of-tree,
so to say. You have to patch pomng, and then patch the kernel *whirl* ...
Jan
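An added example, not part of this thread: a small POSIX shell helper that checks whether the running kernel registers the connlimit match (the kernel lists loaded IPv4 matches in /proc/net/ip_tables_matches, an assumed path that can be overridden for testing) before installing the rule from the thread, so the operator gets a clear diagnosis instead of the opaque "No chain/target/match by that name" error. Function names, the MATCHES_FILE and DRY_RUN variables, and the sample match list in the comments are mine, not from the list.

```shell
#!/bin/sh
# Added example (not from the thread). The kernel exposes the names of the
# registered IPv4 iptables matches, one per line, in /proc/net/ip_tables_matches
# once ip_tables is loaded; MATCHES_FILE may point at a constructed copy
# (e.g. "tcp udp state limit") for offline testing.
MATCHES_FILE="${MATCHES_FILE:-/proc/net/ip_tables_matches}"

# kernel_has_match NAME: 0 if NAME is registered, 1 if not, 2 if the
# match list is unreadable (no ip_tables support loaded at all).
kernel_has_match() {
    name="$1"
    [ -r "$MATCHES_FILE" ] || return 2
    grep -qx "$name" "$MATCHES_FILE"
}

# build_connlimit_rule SRC LIMIT: print the rule from the thread, which caps
# the number of concurrent TCP connections from one host (/32 mask) and
# answers excess connections with a TCP RST.
build_connlimit_rule() {
    printf 'iptables -A FORWARD -p tcp -s %s -m connlimit --connlimit-above %s --connlimit-mask 32 -j REJECT --reject-with tcp-reset\n' "$1" "$2"
}

# apply_connlimit_rule SRC LIMIT: refuse to run the rule when the kernel does
# not register the match. With DRY_RUN=1 the rule is only printed, not run.
apply_connlimit_rule() {
    if ! kernel_has_match connlimit; then
        echo "kernel does not register the connlimit match (check $MATCHES_FILE);" \
             "iptables would fail with 'No chain/target/match by that name'" >&2
        return 1
    fi
    rule=$(build_connlimit_rule "$1" "$2")
    echo "+ $rule"
    # '${DRY_RUN:+:}' expands to the no-op ':' when DRY_RUN is set, otherwise
    # to nothing, in which case the iptables command itself is executed.
    ${DRY_RUN:+:} $rule
}
```

Run with `DRY_RUN=1 apply_connlimit_rule 10.88.99.71 300` to see the diagnosis or the rule without touching the firewall.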