Greetings folks,

I've been researching the various iptables modules that are included with the stock CentOS4 distro; particularly the connlimit module.

Is connlimit included by default? I thought it is since performing

    # iptables -m connlimit --help

returns information on connlimit usage along with the general iptables help info:

<SNIP>
connlimit v1.2.11 options:
[!] --connlimit-above n    match if the number of existing tcp connections is (not) above n
 --connlimit-mask n        group hosts using mask
</SNIP>

The library seems to exist also:

    /lib/iptables/libipt_connlimit.so

However, creating a rule that uses connlimit fails:

    # iptables -A INPUT -p tcp -m connlimit --connlimit-above 2 --dport \
      smtp -j REJECT
    iptables: No chain/target/match by that name
    #

So, am I missing something simple? Or am I limited to using netfilter's patch-o-matic and compiling a custom kernel (that I *really* do not want to do)?

Thank you so much,
Andrew Hull