Greetings folks,
I've been researching the various iptables modules that are included with the stock CentOS4 distro; particularly the connlimit module.
Is connlimit included by default?
I thought it was, since running
# iptables -m connlimit --help
returns information on connlimit usage along with the general iptables help info:
<SNIP>
connlimit v1.2.11 options:
[!] --connlimit-above n     match if the number of existing tcp connections is (not) above n
    --connlimit-mask n      group hosts using mask
</SNIP>
The library seems to exist also: /lib/iptables/libipt_connlimit.so
However, creating a rule that uses connlimit fails:
# iptables -A INPUT -p tcp -m connlimit --connlimit-above 2 --dport \
  smtp -j REJECT
iptables: No chain/target/match by that name
#
So, am I missing something simple? Or am I limited to using netfilter's patch-o-matic and compiling a custom kernel (that I *really* do not want to do)?
Thank you so much, Andrew Hull
Andrew Hull wrote:
Hi Andrew, you need the kernel module too. http://homen.vsb.cz/~hrb33/el4/hrb/stable/i386/RPMS/ David
Sorry, I'm too fast... RPM is not there, I have to upload it. I will do it tomorrow from work. Sorry, David
David Hrbác wrote:
David, Outstanding, thank you.
Just to affirm my understanding (since I'm a little unsure of myself):
1) install the RPM (after you add it to your repository tomorrow)
2) modprobe the module
3) confirm with lsmod
4) start using the new module
am I missing anything?
Again, thanks, Andrew Hull
Andrew Hull wrote:
No. Well, it came to me, you can use Milan's repository. ftp://ftp.vslib.cz/pub/local/milan.kerslager/RHEL-4/stable He has the same connlimit RPMs. David
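The four steps Andrew lists, written out as an added example that is not from the thread or from either poster. It is a POSIX sh script (the file name connlimit-check.sh is assumed) that first checks for both halves a match needs before anything is typed: the userspace extension, /lib/iptables/libipt_connlimit.so, which is all that `iptables -m connlimit --help` proves exists, and the kernel module, which is what `No chain/target/match by that name` says is missing. The paths are the CentOS 4 layout from the thread, and the module name ipt_connlimit is assumed for that kernel generation (on later mainline kernels the same match is provided by xt_connlimit); both are parameters so the check can be pointed elsewhere. Only the diagnostic functions run when the script is sourced; the live steps (modprobe, lsmod, the REJECT rule) run only when it is invoked with `run`.

```shell
#!/bin/sh
# Added example, not from the CentOS list thread: check that an iptables match
# has both its userspace extension and its kernel module before using it, then
# load the module, confirm it with lsmod, and add a per-client SMTP limit.

# Defaults follow the CentOS 4 layout mentioned in the thread (assumed); the
# variables are honoured at call time so the checks can be pointed at any tree.
IPT_LIBDIR="${IPT_LIBDIR:-/lib/iptables}"
KVER="${KVER:-$(uname -r)}"
MODDIR="${MODDIR:-/lib/modules/$KVER}"

# have_userspace_ext NAME: libipt_NAME.so is the userspace half. It is what makes
# "iptables -m NAME --help" print options, and it proves nothing about the kernel.
have_userspace_ext() {
    [ -f "$IPT_LIBDIR/libipt_$1.so" ]
}

# have_kernel_module NAME: ipt_NAME.ko (assumed module name) is the kernel half.
# Without it the rule insert fails with "No chain/target/match by that name".
have_kernel_module() {
    find "$MODDIR" -name "ipt_$1.ko*" 2>/dev/null | grep -q .
}

# diagnose_match NAME: report which half is missing; succeed only if both exist.
diagnose_match() {
    name="$1"
    rc=0
    if have_userspace_ext "$name"; then
        echo "userspace extension present: $IPT_LIBDIR/libipt_$name.so"
    else
        echo "userspace extension missing: $IPT_LIBDIR/libipt_$name.so"
        rc=1
    fi
    if have_kernel_module "$name"; then
        echo "kernel module ipt_$name found under $MODDIR"
    else
        echo "kernel module ipt_$name not found under $MODDIR (install the kernel-module RPM for $KVER)"
        rc=1
    fi
    return $rc
}

# module_loaded NAME: step 3 of the thread, "confirm with lsmod".
module_loaded() {
    lsmod 2>/dev/null | awk '{print $1}' | grep -qx "ipt_$1"
}

# connlimit_rule_args N: the thread's rule, with the continuation line joined.
# Rejects a new SMTP connection from a client that already holds more than N.
connlimit_rule_args() {
    echo "-A INPUT -p tcp -m connlimit --connlimit-above $1 --dport smtp -j REJECT"
}

# limit_smtp_connections N: step 4, apply the rule. Word splitting is intended.
limit_smtp_connections() {
    # shellcheck disable=SC2046
    iptables $(connlimit_rule_args "$1")
}

main() {
    diagnose_match connlimit || exit 1          # step 1 done? (RPM installed)
    if ! module_loaded connlimit; then
        modprobe ipt_connlimit || exit 1        # step 2
    fi
    module_loaded connlimit && echo "ipt_connlimit is loaded"   # step 3
    limit_smtp_connections "${1:-2}"            # step 4
}

# Touch the live firewall only when asked explicitly: ./connlimit-check.sh run [N]
if [ "${1:-}" = "run" ]; then
    shift
    main "$@"
fi
```

Running `./connlimit-check.sh` with no argument does nothing, so the file can be sourced to reuse the checks; `./connlimit-check.sh run 2` reproduces the thread's rule. Using `--connlimit-above 2` is deliberately tight; a legitimate mail relay that opens several parallel sessions to you will be refused, so pick N from what your real senders do and watch the REJECT counters before trusting it.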
David Hrbác wrote:
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Whoooo-hooo!!!! It's purring like a kitten!
Thank you so much David.
Andrew