Re: Problem adding connlimit rule

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: Problem adding connlimit rule
Date: Tue, 10 May 2005 09:45:55 -0400	[thread overview]
Message-ID: <20050510134555.GA9056@bender.817west.com> (raw)
In-Reply-To: <20050510112649.07D4458F@mail.817west.com>

On Tue, May 10, 2005 at 01:26:24PM +0200, Ruben Cardenal wrote:
> Hi,
> 
>   I'm trying to add a quite simple rule but I get an error:
> 
> # iptables -I INPUT -p tcp --syn --dport 25 -m connlimit --connlimit-above
> 10 -j REJECT
> iptables: No chain/target/match by that name
> 
> But:
> 
> # lsmod
> Module                  Size  Used by    Tainted: PF 
> ipt_REJECT              3160   0  (unused)
> ipt_conntrack           1176   0  (unused)
> ipt_limit               1048   0  (unused)
> ipt_iplimit             1560   0  (unused)
> ipt_TARPIT              2104   0  (unused)
> af_packet              14792   0  (autoclean)
> esm                    71503   1 
> nls_cp437               4348   1  (autoclean)
> nls_iso8859-1           2844   1  (autoclean)
> smbfs                  40144   1  (autoclean)
> nfsd                   85168   0  (autoclean)
> abi-ibcs                6604   0  (autoclean) (unused)
> abi-svr4               79620   0  (autoclean) [abi-ibcs]
> lcall7                  1728   0  (autoclean) [abi-ibcs]
> abi-util                2176   0  (autoclean) [abi-svr4 lcall7]
> iptable_nat            17638   0  (autoclean) (unused)
> ip_conntrack           19384   3  (autoclean) [ipt_conntrack ipt_iplimit
> iptable_nat]
> iptable_mangle          2200   0  (autoclean) (unused)
> iptable_filter          1708   1  (autoclean)
> ip_tables              11808  10  [ipt_REJECT ipt_conntrack ipt_limit
> ipt_iplimit ipt_TARPIT iptable_nat iptable_mangle iptable_filter]
> ide-cd                 32252   0  (autoclean)
> isa-pnp                32520   0  (unused)
> ipv6                  179508  -1  (autoclean)
> st                     30740   0  (autoclean) (unused)
> sr_mod                 13624   0  (autoclean) (unused)
> cdrom                  30496   0  (autoclean) [ide-cd sr_mod]
> sg                     29276   0  (autoclean)
> mousedev                4536   0  (unused)
> joydev                  5984   0  (unused)
> evdev                   4352   0  (unused)
> input                   3488   0  [mousedev joydev evdev]
> usb-ohci               22056   0  (unused)
> usbcore                66508   1  [usb-ohci]
> raw1394                16756   0  (unused)
> ieee1394               38064   0  [raw1394]
> bcm5700                82948   1 
> e100                   56328   1 
> perle-serial           43144   1 
> lvm-mod                70500   0  (autoclean)
> quota_v2                7408   0 
> reiserfs              227988   4 
> aacraid                27748   8 
> 
>   Am I missing any module?

do *you* see ipt_connlimit in that list?  i don't.

>   I'm using iptables v1.3.1 on a SuSe.

i'll take a stab in the dark, and say that you're running SuSE 9.3,
which does not ship support for the connlimit match in its default kernel.

- download kernel source, iptables source, and PoM source
- apply connlimit patch from PoM
- recompile kernel
- recompile iptables (probably not absolutely necessary in this case)
- reboot with new kernel
- use connlimit

-j

--
"Stewie: Do these huggies make my ass look big?"
        --Family Guy

next prev parent reply	other threads:[~2005-05-10 13:45 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-05-10 11:13 philosophical question regarding NAT Ian Laurie
2005-05-10 11:25 ` Vasilii.Alferov
2005-05-11  9:12   ` Ian Laurie
2005-05-10 11:26 ` Problem adding connlimit rule Ruben Cardenal
2005-05-10 13:11 ` philosophical question regarding NAT Francesco Ciocchetti
     [not found] ` <20050510112649.07D4458F@mail.817west.com>
2005-05-10 13:45   ` Jason Opperisano [this message]
2005-05-10 22:11 ` Taylor, Grant
     [not found] <20050510122425.311997D9@smtp-01.piensasolutions.com>
2005-05-10 11:51 ` Problem adding connlimit rule Jose Maria Lopez Hernandez
2005-05-10 13:21   ` Ruben Cardenal
     [not found] <20050510132207.647268FAC@smtp-01.piensasolutions.com>
2005-05-10 16:51 ` Jose Maria Lopez Hernandez
     [not found] <200505101324.j4ADO4fr025185@darkstar.sysinfo.com>
2005-05-10 20:56 ` R. DuFresne

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050510134555.GA9056@bender.817west.com \
    --to=opie@817west.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox