# iptables -m connlimit --help<br><br>.........<br>connlimit v1.3.5 options:<br>[!] --connlimit-above n match if the number of existing tcp connections is (not) above n<br> --connlimit-mask n group hosts using mask
<br>-----------------------------------------<br><br><span class="code">The library seems to exist also:<br>/lib64/iptables/libipt_connlimit.so<br><br></span><span class="code">However, creating a rule that uses connlimit fails:
</span><br><span class="code">#$IPTABLES -A tcp_traffic_in -p tcp --dport 80 -m connlimit --connlimit-above 2 -j DROP<br>iptables: Unknown error 4294967295<br><br></span><span class="code">So, am I missing something? Or am I limited to using netfilter's patch-o-matic and compiling a custom kernel (that I
<b>*really* do not</b> want
to do)?<br><br>Thank you so much<br><br>Hoang Phong<br>Viet Nam<br></span><span class="code"><br></span>