[CentOS] Running iptables/netfilter module connlimit with stock CentOS4

Wed Nov 8 20:44:26 UTC 2006
David Hrbáč <hrbac.conf at seznam.cz>

Andrew Hull wrote:
> Greetings folks,
> 
> I've been researching the various iptables modules that are included
> with the stock CentOS4 distro; particularly the connlimit module.
> 
> Is connlimit included by default?
> 
> I thought it was, since performing
> # iptables -m connlimit --help
> 
> returns information on connlimit usage along with the general iptables
> help info:
> 
> <SNIP>
> connlimit v1.2.11 options:
> [!] --connlimit-above n         match if the number of existing tcp
> connections is (not) above n
>  --connlimit-mask n             group hosts using mask
> 
> </SNIP>
> 
> 
> 
> The library seems to exist also:
> /lib/iptables/libipt_connlimit.so
> 
> 
> However, creating a rule that uses connlimit fails:
> 
> # iptables -A INPUT -p tcp -m connlimit --connlimit-above 2 --dport \
> smtp -j REJECT
> iptables: No chain/target/match by that name
> #
> 
> So, am I missing something simple? Or am I limited to using netfilter's
> patch-o-matic and compiling a custom kernel (that I *really* do not want
> to do)?
> 
> Thank you so much,
> Andrew Hull
> 

Hi Andrew,
you need the kernel module too.
http://homen.vsb.cz/~hrb33/el4/hrb/stable/i386/RPMS/
David
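As an added example (not part of the original thread), a POSIX shell check that separates the two halves of an iptables match that Andrew's symptom involves: the userspace plugin under /lib/iptables, which is what makes `iptables -m connlimit --help` succeed, and the kernel module under /lib/modules, whose absence is what produces "No chain/target/match by that name". The library and module directories are parameters so the check can be pointed at any tree; the defaults and the ipt_/xt_ module file names are assumptions about a CentOS4-style layout.

```shell
#!/bin/sh
# connlimit_status NAME [LIBDIR] [MODDIR]
# Reports whether an iptables match NAME is fully usable on this box.
# Prints exactly one word and returns 0 only when both halves are present:
#   ok            userspace plugin and kernel module both found
#   no-kernel     plugin present (so --help works) but no kernel module:
#                 this is the "No chain/target/match by that name" case
#   no-userspace  kernel module present but libipt_<name>.so missing
#   none          neither found
connlimit_status() {
    name=$1
    libdir=${2:-/lib/iptables}                 # assumed CentOS4 plugin dir
    moddir=${3:-/lib/modules/$(uname -r)}      # running kernel's module tree
    have_lib=0
    have_mod=0
    # Userspace side: the shared object iptables dlopen()s for "-m NAME".
    [ -f "$libdir/libipt_$name.so" ] && have_lib=1
    # Kernel side: older trees name it ipt_<name>, newer ones xt_<name>;
    # the file may be compressed (.ko.gz), hence the trailing wildcard.
    if [ -d "$moddir" ] && find "$moddir" \
           \( -name "ipt_$name.ko*" -o -name "xt_$name.ko*" \) 2>/dev/null \
           | grep -q .; then
        have_mod=1
    fi
    case "$have_lib$have_mod" in
        11) echo ok;           return 0 ;;
        10) echo no-kernel;    return 1 ;;
        01) echo no-userspace; return 1 ;;
        *)  echo none;         return 1 ;;
    esac
}

# Usage: sh check_match.sh connlimit [othermatch ...]
# Each argument is checked against the live system and a one-line
# remediation hint is printed for the incomplete cases.
if [ $# -gt 0 ]; then
    for m in "$@"; do
        st=$(connlimit_status "$m")
        printf '%s: %s\n' "$m" "$st"
        case "$st" in
            no-kernel)    echo "  install the ipt_$m kernel module for $(uname -r), then modprobe it" ;;
            no-userspace) echo "  install the iptables plugin providing libipt_$m.so" ;;
        esac
    done
fi
```

With no arguments the script only defines the function, so it can be sourced from other scripts; on a stock CentOS4 box `sh check_match.sh connlimit` is expected to print `connlimit: no-kernel`, matching the thread's diagnosis.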