Re: [CentOS] Running iptables/netfilter module connlimit with stock CentOS4




Andrew Hull wrote:
> Greetings folks,
> 
> I've been researching the various iptables modules that are included
> with the stock CentOS4 distro; particularly the connlimit module.
> 
> Is connlimit included by default?
> 
> I thought it is since performing
> # iptables -m connlimit --help
> 
> returns information on connlimit usage along with the general iptables
> help info:
> 
> <SNIP>
> connlimit v1.2.11 options:
> [!] --connlimit-above n         match if the number of existing tcp
> connections is (not) above n
>  --connlimit-mask n             group hosts using mask
> 
> </SNIP>
> 
> 
> 
> The library seems to exist also:
> /lib/iptables/libipt_connlimit.so
> 
> 
> However, creating a rule that uses connlimit fails:
> 
> # iptables -A INPUT -p tcp -m connlimit --connlimit-above 2 --dport \
> smtp -j REJECT
> iptables: No chain/target/match by that name
> #
> 
> So, am I missing something simple? Or am I limited to using netfilter's
> patch-o-matic and compiling a custom kernel (that I *really* do not want
> to do)?
> 
> Thank you so much,
> Andrew Hull
> 

Hi Andrew,
you need the kernel module too.
http://homen.vsb.cz/~hrb33/el4/hrb/stable/i386/RPMS/
David
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
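
The situation in this thread (the userspace extension `/lib/iptables/libipt_connlimit.so` is present, so `--help` works, but the running kernel has no connlimit match) can be told apart from the other cases with the check below. It is an added example, not part of the original messages; `check_match` and its parameters are hypothetical names, and it assumes the kernel lists registered matches in `/proc/net/ip_tables_matches` and names the module file `ipt_<match>.ko`.

```shell
#!/bin/sh
# Diagnose why an iptables match shows up in --help but fails in a rule
# with "No chain/target/match by that name".
#
# check_match NAME [LIBDIR] [PROC_MATCHES] [MODDIR]
# Prints one of:
#   ready          - userspace library present and match registered in the kernel
#   loadable       - library present, kernel module on disk but not loaded
#   userspace-only - library present, no kernel support (the case in this thread)
#   missing        - no userspace library either
check_match() {
    name=$1
    libdir=${2:-/lib/iptables}
    proc_matches=${3:-/proc/net/ip_tables_matches}   # assumption: exposed by the kernel
    moddir=${4:-/lib/modules/$(uname -r)}

    have_lib=no; have_loaded=no; have_module=no

    # Userspace extension: all that `iptables -m NAME --help` needs.
    [ -e "$libdir/libipt_$name.so" ] && have_lib=yes

    # Matches registered with the running kernel, one name per line.
    if [ -r "$proc_matches" ] && grep -qx "$name" "$proc_matches"; then
        have_loaded=yes
    fi

    # Kernel module on disk (assumed name ipt_NAME.ko, possibly compressed).
    if [ -d "$moddir" ] && find "$moddir" -name "ipt_$name.ko*" 2>/dev/null | grep -q .; then
        have_module=yes
    fi

    if [ "$have_lib" = no ]; then echo missing
    elif [ "$have_loaded" = yes ]; then echo ready
    elif [ "$have_module" = yes ]; then echo loadable
    else echo userspace-only
    fi
}

# Default: check the match discussed in this thread on the local system.
check_match "${1:-connlimit}"
```

A result of `userspace-only` means the rule cannot be loaded until a kernel module providing the match is installed for the running kernel.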
