# iptables -m connlimit --help
.........
connlimit v1.3.5 options:
[!] --connlimit-above n    match if the number of existing tcp connections is (not) above n
 --connlimit-mask n        group hosts using mask
-----------------------------------------

The library seems to exist also:
/lib64/iptables/libipt_connlimit.so

However, creating a rule that uses connlimit fails:

#$IPTABLES -A tcp_traffic_in -p tcp --dport 80 -m connlimit --connlimit-above 2 -j DROP
iptables: Unknown error 4294967295

So, am I missing something? Or am I limited to using netfilter's patch-o-matic and compiling a custom kernel (that I *really do not* want to do)?

Thank you so much
Hoang Phong Viet Nam