iplimit

iplimit

[netfilter]

hello,

I have more of a informative question to ask
and would appreciate any input you give me.

I am using iplimit patch to limit the number of active connections to my
server. I am interested to know why this patch is not present even in
the 2.5/2.6 series 
of kernels.

I am interested if there is another way to protect myself 
from a SYN attack originating from a KNOWN AND VALID IP address ?

thanks,

Razvan Radu
CORE Technologies
Tel: 021 2420383
 

iplimit

[Dhyanesh Ramaiya]

Dear all,

I am having difficulties in getting iplimit to work. I have iptables 1.2.7a
and kernel 2.4.20. iplimit is compiled in the kernel. However, whenever I
try to run the rule below it gives the error "iptables: No
chain/target/match by that name":

iptables -A INPUT -p tcp --syn --destination 1.2.3.4 --dport 80 -j DROP -m
iplimit --iplimit-above 4

Please advise off the mailing list as temporarily I have disabled to receive
Netfilter's member posts.

Thank you very much.

Dhyanesh Ramaiya
dhyanesh@intafrica.com

Re: iplimit

[Erik Bourget]

"Dhyanesh Ramaiya" <dhyanesh@intafrica.com> writes:

> Dear all,
>
> I am having difficulties in getting iplimit to work. I have iptables 1.2.7a
> and kernel 2.4.20. iplimit is compiled in the kernel. However, whenever I
> try to run the rule below it gives the error "iptables: No
> chain/target/match by that name":
>
> iptables -A INPUT -p tcp --syn --destination 1.2.3.4 --dport 80 -j DROP -m
> iplimit --iplimit-above 4
>
> Please advise off the mailing list as temporarily I have disabled to receive
> Netfilter's member posts.

Try using connlimit from latest patch-o-matic and iptables-1.2.9.  I am using
this combination with great success.

PS - Whovever made the connlimit patches, thanks!

- Erik

iplimit

[Razvan Radu]

hello,

I have more of a informative question to ask
and would appreciate any input you give me.

I am using iplimit patch to limit the number of active
connections to my server. I am interested to know why
this patch is not present even in the 2.5/2.6 series 
of kernels.

I am interested if there is another way to protect myself 
from a SYN attack originating from a KNOWN AND VALID IP address ?

thanks,

Razvan Radu
CORE Technologies
Tel: 021 2420383
 

iplimit

[Thomas Braun]

Hi Group,

i trying to use the iplimit module and typed:

iptables -A INPUT -i eth0 -p tcp --syn --dport 25 -m iplimit 
--iplimit-above 2 -j DROP


than get this error message:
iptables: No chain/target/match by that name


can someone tell me what i do wrong?
without the iplimit modules all is working.

my Kernel Version 2.4.19, my iptables version is v1.2.6a.
Do i need some  extra Kernel modules for it? I havent seen it in the 
normal  Kernel.

thx for your help.


cu thomas

-- 
Thomas Braun       WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
tb@westend.com   Internet & Security for Professionals    Fax 0241/911879
         WESTEND ist CISCO Systems Partner - Authorized Reseller