>>> I would like to use iplimit in my firewall.
>
>> I'm still using 2.6.11-r9, but, it appears to be in yours too. From
>> "make menuconfig" under the 2.6.11-r9 it is here:
> [...]
>> <m> limit match support
>
> It is not this module. "limit" module can limit number of packets in
> specified amount of time. But I want to limit number of parallel
> connections from a defined IP.
|
Oops... I've had the old news about iplimit. There is a feature, which I
would like to use in ipt_limit module, as Chad Feller wrote. The module
to enable in iptables (-m) is called connlimit, not iplimit.

But I have now another problem. When I want to use connlimit module, I
always get iptables error: "iptables: No chain/target/match by that name"

For example:
|
# lsmod | grep limit
ipt_limit 2240 2

iptables -A FORWARD -o eth2 -s 192.168.0.12 \
-m connlimit --connlimit-above 60 -j REJECT
iptables: No chain/target/match by that name
|
Any other rules (not -m connlimit) added to FORWARD chain are working well.

I've tried to compile ipt_limit in kernel (not as module), but the error
appears also.
|
--
MZ

--
gentoo-user@g.o mailing list |
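
The error text in the message above does not say whether the chain, the target or the match is the missing piece. The following added example, which is not part of the original message, checks the match and the target a rule needs against the names the running kernel has registered. The /proc paths are an assumption about the system, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original message). Assumption: the kernel lists
# registered iptables extensions, one name per line, in
# /proc/net/ip_tables_matches and /proc/net/ip_tables_targets.

# registered NAME FILE: succeeds only if NAME is an entire line of FILE,
# so a registered "limit" does not count as "connlimit".
registered() {
    [ -r "$2" ] && grep -qx -- "$1" "$2"
}

# diagnose_rule MATCH TARGET [MATCHES_FILE] [TARGETS_FILE]
# Reports each extension the rule needs; returns 0 only if both are present.
diagnose_rule() {
    mfile=${3:-/proc/net/ip_tables_matches}
    tfile=${4:-/proc/net/ip_tables_targets}
    rc=0
    if registered "$1" "$mfile"; then
        echo "match $1: registered"
    else
        echo "match $1: NOT registered in the running kernel"
        rc=1
    fi
    if registered "$2" "$tfile"; then
        echo "target $2: registered"
    else
        echo "target $2: NOT registered in the running kernel"
        rc=1
    fi
    return "$rc"
}

# Constructed sample mirroring the lsmod output above: only "limit" is loaded.
d=$(mktemp -d)
printf '%s\n' limit state > "$d/matches"
printf '%s\n' REJECT LOG > "$d/targets"
diagnose_rule connlimit REJECT "$d/matches" "$d/targets" ||
    echo "the rule cannot be added until every missing extension is available"
rm -rf "$d"
```

On a live system, call `diagnose_rule connlimit REJECT` as root with no file arguments; a /proc file that cannot be read is reported the same way as a missing name.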