| 1 |
>>> I would like to use iplimit in my firewall. |
| 2 |
> |
| 3 |
>> I'm still using 2.6.11-r9, but, it appears to be in yours too. From |
| 4 |
>> "make menuconfig" under the 2.6.11-r9 it is here: |
| 5 |
> [...] |
| 6 |
>> <m> limit match support |
| 7 |
> |
| 8 |
> It is not this module. "limit" module can limit number of packets in |
| 9 |
> specified amount of time. But I want to limit number of parallel |
| 10 |
> connections from define IP. |
| 11 |
|
| 12 |
Ups... I've had the old news about iplimit. There is a feature, which I |
| 13 |
would like to use in ipt_limit module, as Chad Feller wrote. The module |
| 14 |
to enable in iptables (-m) is called connlimit, not iplimit. |
| 15 |
|
| 16 |
But I have now another problem. When I want to use connlimit module, I |
| 17 |
always get iptables error: "iptables: No chain/target/match by that name" |
| 18 |
|
| 19 |
For example: |
| 20 |
|
| 21 |
# lsmod | grep limit |
| 22 |
ipt_limit 2240 2 |
| 23 |
|
| 24 |
iptables -A FORWARD -o eth2 -s 192.168.0.12 \ |
| 25 |
-m connlimit --connlimit-above 60 -j REJECT |
| 26 |
iptables: No chain/target/match by that name |
| 27 |
|
| 28 |
Any other rules (not -m connlimit) added to FORWARD chain are working well. |
| 29 |
|
| 30 |
|
| 31 |
I've tried to compile ipt_limit in kernel (not as module), but the error |
| 32 |
appears also. |
| 33 |
|
| 34 |
-- |
| 35 |
MZ |
| 36 |
|
| 37 |
-- |
| 38 |
gentoo-user@g.o mailing list |
Archives