Re: [bug-reaport] netfilter extentions iplimit mod bugs.

[Harald Welte <laforge@netfilter.org>]

[-- Attachment #1: Type: text/plain, Size: 1724 bytes --]

On Mon, Jul 14, 2003 at 11:27:28AM +0800, yh wrote:
> HI guys,
> 
> I download netfilter extentions via cvs yestoday, the iplimit code has some bug, in 214 lin in linux/net/ipv4/netfilter/ipt_connlimit.c
> 
> static struct ipt_match connlimit_match
> = { { NULL, NULL }, "connlimit", &match, &check, &destroy, THIS_MODULE };
> 
> notic the "connlimit", it's must should be "iplimit", I don't know
> when it was changed, but the userspace tool iptable haven't changed
> yet.  so when you type "iptables -A INPUT -p tcp --syn --dport http -m
> iplimit --iplimit-above 4 -j REJECT" , the result is "Invailid
> command."..:)
> 
> change the "connlimit" into "iplimit", recompiled kernel, it's OK now.;)

It seems like your userspace iptables is out of date.. (i.e. using an
old iptables version with a very recent patch-o-matic). The solution is
to upgrade your iptables program, rather than patching anything.

> by the way, I wan to know when the netfilter will wok will in kernel
> 2.5.* ? until 2.6 release? ( yestoday, I compiled kernel 2.5.74, build
> netfilter with in, but iptables reaport that "no 'filter' table in
> kernel".)

Well, at least with 2.5.70 and 2.5.72 (the last version I've tried) it
was working.

Did you try to recompile the iptables userspace program?

> thx all guy work for netfilter project..

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]