Greetings folks,
I've been researching the various iptables modules that are included with the stock CentOS4 distro; particularly the connlimit module.
Is connlimit included by default?
I thought it was, since performing # iptables -m connlimit --help
returns information on connlimit usage along with the general iptables help info:
<SNIP>
connlimit v1.2.11 options:
[!] --connlimit-above n    match if the number of existing tcp connections is (not) above n
    --connlimit-mask n     group hosts using mask
</SNIP>
The library seems to exist also: /lib/iptables/libipt_connlimit.so
However, creating a rule that uses connlimit fails:
# iptables -A INPUT -p tcp -m connlimit --connlimit-above 2 --dport \
  smtp -j REJECT
iptables: No chain/target/match by that name
#
So, am I missing something simple? Or am I limited to using netfilter's patch-o-matic and compiling a custom kernel (that I *really* do not want to do)?
Thank you so much,
Andrew Hull
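The symptom in the post (the --help text and /lib/iptables/libipt_connlimit.so are present, yet the rule fails with "No chain/target/match by that name") is what you see when the userspace half of a match is installed but the kernel half is not. The following is an added diagnostic script, not code from the original post or from the iptables project, that separates the two checks. It assumes the kernel lists its loaded matches in /proc/net/ip_tables_matches (a file the 2.6 ip_tables module exposes when procfs is enabled) and that the userspace libraries live in /lib/iptables as on the poster's box; the function names and the constructed sample directory are mine. Only when both checks pass is the rule expected to load; if only the kernel side is missing, loading the module (ipt_connlimit on a patch-o-matic kernel of that era, xt_connlimit on newer kernels, both module names assumed here) is the thing to try before rebuilding anything.

```shell
#!/bin/sh
# Added example: distinguish "iptables userspace knows the match" from
# "the running kernel provides the match". The --help output only proves
# that libipt_<name>.so loaded; the rule itself needs the kernel module.

# kernel_has_match MATCHES_FILE NAME
#   returns 0 if NAME appears in MATCHES_FILE (normally
#   /proc/net/ip_tables_matches), 1 otherwise. The path is a parameter so
#   the check can be exercised against a constructed file.
kernel_has_match() {
    kh_file="$1"; kh_name="$2"
    [ -r "$kh_file" ] || return 1
    grep -qx "$kh_name" "$kh_file"
}

# userspace_has_match LIBDIR NAME
#   returns 0 if LIBDIR/libipt_NAME.so exists (the file the poster found).
userspace_has_match() {
    [ -f "$1/libipt_$2.so" ]
}

# diagnose_match LIBDIR MATCHES_FILE NAME
#   prints a one-line verdict; exit status 0 = both halves present,
#   1 = kernel side missing (module not built or not loaded),
#   2 = userspace library missing.
diagnose_match() {
    dm_libdir="$1"; dm_matches="$2"; dm_name="$3"
    if ! userspace_has_match "$dm_libdir" "$dm_name"; then
        echo "userspace: libipt_$dm_name.so not found in $dm_libdir"
        return 2
    fi
    if ! kernel_has_match "$dm_matches" "$dm_name"; then
        echo "kernel: '$dm_name' not listed in $dm_matches" \
             "(module not built into this kernel, or not loaded)"
        return 1
    fi
    echo "ok: '$dm_name' usable from both userspace and kernel"
    return 0
}

# Constructed sample reproducing the poster's situation: the userspace
# library exists, but the kernel's match list has no connlimit entry.
demo() {
    d_tmp=$(mktemp -d)
    touch "$d_tmp/libipt_connlimit.so"
    printf 'tcp\nudp\nstate\nlimit\n' > "$d_tmp/ip_tables_matches"
    diagnose_match "$d_tmp" "$d_tmp/ip_tables_matches" connlimit
    d_rc=$?
    rm -rf "$d_tmp"
    return $d_rc
}

# On a real CentOS 4 host the call would be (paths assumed):
#   diagnose_match /lib/iptables /proc/net/ip_tables_matches connlimit
# and, if it reports the kernel side missing, try loading the module
# (module name assumed; it varies by kernel version) and re-run the check:
#   modprobe ipt_connlimit
if [ "${1:-}" = "demo" ]; then
    demo
fi
```

The two-step check matters for change control as much as for troubleshooting: a rule that silently fails to load leaves the host without the rate limit the administrator believes is in place, so scripts that install connlimit rules should verify the kernel match first rather than trusting that the userspace library exists.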