From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Beverley Subject: Re: Connlimit and linux-2.6.17 Date: Sat, 22 Jul 2006 10:34:31 +0100 Message-ID: <44C1F127.5040704@andybev.com> References: <44BEA42B.3000304@andybev.com> <44BEB607.3000408@andybev.com> <44C16CE4.3030302@andybev.com> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii"; format="flowed" To: Krzysztof Oledzki Cc: netfilter@lists.netfilter.org, martin.bene@icomedias.com, kraxel@bytesex.org, netfilter-devel@lists.netfilter.org Krzysztof Oledzki wrote: > > > On Sat, 22 Jul 2006, Andrew Beverley wrote: > >>>>>> I (and others, see netfilter list) are having trouble compiling >>>>>> kernel 2.6.17.4 and iptables-1.3.5-20060508 to use connlimit. Once >>>>>> compiled in and I run: >>>> >>>> >>>> >>>>> Yes, the API was changed in 2.6.17, so small fixes are required to >>>>> allow extensions to work. I'm currently traveling a lot so >>>>> connlimit & TARPIT is still on my TODO list. I'm going to finish it >>>>> ASAP but with limited GPRS/EDGE access it is not so simple. >>> >>> OK, I fixed the connlimit extension. Please: >>> >>> - tell me if it works (or not). >>> >> >> I forgot to mention - I get a lot of 'ipt_connlimit: Oops: invalid ct >> state' error messages scrolling up the screen. > > But when did it start? In 2.6.17? Sorry - should have said. It has always done it. I thought I'd take the opportunity to ask as I've never found the answer. > >> Is it safe for me to edit ipt_connlimit.c to not print them? Or are >> they telling me there is something wrong with my setup? > > Plase try adding "-m conntrack --ctstate INVALID -j DROP" before "-m > connlimit (...)". Did it help? Yes, that sorts it. I have a lot of clients on my network and these look like they're generated by some p2p software of one PC. Many thanks, Andy