Andrew Hull wrote:
> Greetings folks,
>
> I've been researching the various iptables modules that are included
> with the stock CentOS4 distro; particularly the connlimit module.
>
> Is connlimit included by default?
>
> I thought it is since performing
> # iptables -m connlimit --help
>
> returns information on connlimit usage along with the general iptables
> help info:
>
> <SNIP>
> connlimit v1.2.11 options:
> [!] --connlimit-above n match if the number of existing tcp
> connections is (not) above n
> --connlimit-mask n group hosts using mask
>
> </SNIP>
>
>
>
> The library seems to exist also:
> /lib/iptables/libipt_connlimit.so
>
>
> However, creating a rule that uses connlimit fails:
>
> # iptables -A INPUT -p tcp -m connlimit --connlimit-above 2 --dport \
> smtp -j REJECT
> iptables: No chain/target/match by that name
> #
>
> So, am I missing something simple? Or am I limited to using netfilter's
> patch-o-matic and compiling a custom kernel (that I *really* do not want
> to do)?
>
> Thank you so much,
> Andrew Hull
>

Hi Andrew,
you need the kernel module too.
http://homen.vsb.cz/~hrb33/el4/hrb/stable/i386/RPMS/

David
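
The situation in this thread, a userspace extension library present while the kernel side of the match is missing, can be told apart from the other cases with a small check. This is an added example, not part of the original messages; the `ipt_`/`xt_` module file names and the default paths `/proc/net/ip_tables_matches` and `/lib/modules/<release>` are assumptions about the host's layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify where support for an iptables match stops.
# All paths are parameters so the check can run against constructed fixtures.

# Userspace side: the extension library iptables loads for "-m NAME".
has_userspace_ext() {   # $1 = library dir, $2 = match name
    [ -e "$1/libipt_$2.so" ] || [ -e "$1/libxt_$2.so" ]
}

# Kernel side, already registered: one match name per line in the matches file.
has_loaded_match() {    # $1 = matches file, $2 = match name
    [ -r "$1" ] && grep -qxF "$2" "$1"
}

# Kernel side, on disk but not loaded (assumed names: ipt_NAME.ko / xt_NAME.ko).
has_kernel_module() {   # $1 = module tree, $2 = match name
    [ -d "$1" ] &&
        find "$1" -type f \( -name "ipt_$2.ko*" -o -name "xt_$2.ko*" \) | grep -q .
}

# Prints one of: kernel-loaded, kernel-module-on-disk, userspace-only, absent.
# "userspace-only" is the case that ends in
# "iptables: No chain/target/match by that name".
diagnose_match() {
    name=$1
    libdir=${2:-/lib/iptables}
    matches=${3:-/proc/net/ip_tables_matches}
    moddir=${4:-/lib/modules/$(uname -r)}
    if has_loaded_match "$matches" "$name"; then
        echo "kernel-loaded"
    elif has_kernel_module "$moddir" "$name"; then
        echo "kernel-module-on-disk"
    elif has_userspace_ext "$libdir" "$name"; then
        echo "userspace-only"
    else
        echo "absent"
    fi
}

# Run against the live host only when a match name is given, e.g.:
#   sh check_match.sh connlimit
if [ "$#" -gt 0 ]; then
    diagnose_match "$@"
fi
```

Reading the matches file normally requires root, so an unprivileged run can fall through to the on-disk checks.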