[CentOS] Running iptables/netfilter module connlimit with stock CentOS4

Andrew Hull list at racc2000.com
Wed Nov 8 20:37:08 UTC 2006


Greetings folks,

I've been researching the various iptables modules that are included 
with the stock CentOS4 distro; particularly the connlimit module.

Is connlimit included by default?

I thought it was, since performing
# iptables -m connlimit --help

returns information on connlimit usage along with the general iptables 
help info:

<SNIP>
connlimit v1.2.11 options:
[!] --connlimit-above n         match if the number of existing tcp 
connections is (not) above n
  --connlimit-mask n             group hosts using mask

</SNIP>



The library seems to exist also:
/lib/iptables/libipt_connlimit.so


However, creating a rule that uses connlimit fails:

# iptables -A INPUT -p tcp -m connlimit --connlimit-above 2 --dport \ 
smtp -j REJECT
iptables: No chain/target/match by that name
#

So, am I missing something simple? Or am I limited to using netfilter's 
patch-o-matic and compiling a custom kernel (that I *really* do not want 
to do)?

Thank you so much,
Andrew Hull
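
The symptom above, as an added example that is not part of the original post or of any CentOS package: `iptables -m connlimit --help` only proves that the userspace plugin (`/lib/iptables/libipt_connlimit.so`) loaded, while "No chain/target/match by that name" is the kernel refusing the match when the rule is inserted, so the two halves have to be checked separately. The POSIX sh script below does that. The `/lib/iptables` path is from the post; the kernel module file names (`ipt_connlimit` / `xt_connlimit`), the `/lib/modules/$(uname -r)` tree and the four classification labels are assumptions made for this example and are not taken from any specific CentOS kernel.

```shell
#!/bin/sh
# Added example, not from the original post. Separates the two things an
# iptables match needs: the userspace plugin (what "-m connlimit --help"
# exercises) and the kernel module (what rule insertion exercises).
# Module file names ipt_<match> / xt_<match> are assumptions.

# Directories are overridable so the checks can run against constructed
# trees; the defaults are the live system.
IPT_LIBDIR="${IPT_LIBDIR:-/lib/iptables}"
KMOD_DIR="${KMOD_DIR:-/lib/modules/$(uname -r)}"

# has_userspace_plugin MATCH -> 0 if the iptables plugin .so exists.
has_userspace_plugin() {
    [ -f "$IPT_LIBDIR/libipt_$1.so" ]
}

# has_kernel_module MATCH -> 0 if a module file for the match exists
# under KMOD_DIR (ipt_MATCH.ko, ipt_MATCH.ko.gz, xt_MATCH.ko, or the
# older ipt_MATCH.o layout).
has_kernel_module() {
    find "$KMOD_DIR" \( -name "ipt_$1.ko*" -o -name "xt_$1.ko*" \
        -o -name "ipt_$1.o" \) -print 2>/dev/null | grep -q .
}

# is_builtin MATCH -> 0 if modules.builtin lists the match as compiled
# into the kernel. That file only exists on newer kernels, so on an old
# kernel this is best effort and simply fails.
is_builtin() {
    grep -q -e "ipt_$1\.ko" -e "xt_$1\.ko" \
        "$KMOD_DIR/modules.builtin" 2>/dev/null
}

# classify_match MATCH -> prints exactly one word:
#   complete        both halves present; the rule should insert
#   kernel-missing  --help works but insertion fails with
#                   "No chain/target/match by that name"
#   plugin-missing  kernel has it but iptables cannot parse the options
#   absent          neither half is present
classify_match() {
    m=$1
    if has_userspace_plugin "$m"; then u=1; else u=0; fi
    if has_kernel_module "$m" || is_builtin "$m"; then k=1; else k=0; fi
    case "$u$k" in
        11) echo complete ;;
        10) echo kernel-missing ;;
        01) echo plugin-missing ;;
        *)  echo absent ;;
    esac
}

# main MATCH... -> one "match: verdict" line per argument.
main() {
    for m in "$@"; do
        printf '%s: %s\n' "$m" "$(classify_match "$m")"
    done
}

# Run the report only when match names are given on the command line,
# e.g.:  sh check_match.sh connlimit state
if [ $# -gt 0 ]; then
    main "$@"
fi
```

A `kernel-missing` verdict for `connlimit` reproduces the situation in the post: the plugin answers `--help`, the kernel has nothing to back it, and the rule is rejected at insertion time. Note that `lsmod` alone is not enough for this check, because a module that exists on disk but has not been loaded yet will not appear there; iptables normally triggers the load when the rule is inserted.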