On Wed, January 26, 2005 9:26 am, Omar Garcia said:
> Hi list,

Hi Omar!

> [...]
> If I tried in two steps, I confirm that the module connlimit is installed:
>
> BridgeWall:/home/omar# iptables -A PREROUTING -t mangle -m connlimit
> iptables v1.2.11: You must specify `--connlimit-above'
> Try `iptables -h' or 'iptables --help' for more information.

This doesn't confirm that it is. This only tests the iptables 'module', which I will call an extension library.

>
>
> BridgeWall:/home/omar# iptables -A PREROUTING -t mangle -m connlimit
> --connlimit-above 12 -j DROP
> iptables: No chain/target/match by that name

This means the kernel module (called ipt_connlimit) is not loadable or compiled at all.

> Any idea????

Yes, patch your kernel or enable this module.

If unsure:

  lsmod | grep ipt_connlimit

No result? Then 'modprobe ipt_connlimit'

It works? Then make sure it properly registered against netfilter:

  cat /proc/net/ip_tables_matches | grep connlimit

>
> Thanks in advance.
>
> Regards
>

HTH,
Samuel
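
The checks from the reply above, combined into one shell function. This is an added example, not part of the original message; the names match_state and demo, the state labels and the optional file arguments are assumptions of the example. It also covers a case the reply does not mention: a match compiled into the kernel is registered but never shows up in lsmod.

```sh
#!/bin/sh
# Added example. Reports the kernel-side state of an iptables match.
# usage: match_state MATCH MODULE [MODULES_FILE] [MATCHES_FILE]
# The two file arguments (an assumption of this example) default to the live
# /proc files, so the same logic can be run on copies saved from another box.
match_state() {
    match=$1
    module=$2
    modules_file=${3:-/proc/modules}
    matches_file=${4:-/proc/net/ip_tables_matches}
    loaded=no
    registered=no

    # /proc/modules (what lsmod reads): module name is the first field.
    if [ -r "$modules_file" ] &&
       awk -v m="$module" '$1 == m { f = 1 } END { exit !f }' "$modules_file"
    then
        loaded=yes
    fi

    # ip_tables_matches: one match name per line. Compare whole lines so
    # that a longer name containing "connlimit" does not count.
    if [ -r "$matches_file" ] && grep -qxF -- "$match" "$matches_file"; then
        registered=yes
    fi

    case "$registered/$loaded" in
        yes/yes) echo "registered" ;;
        yes/no)  echo "registered-no-module" ;;   # e.g. built into the kernel
        no/yes)  echo "loaded-not-registered" ;;
        *)       echo "missing" ;;
    esac
}

# Constructed sample data: module is loaded, match list lacks connlimit.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ipt_connlimit 3456 0 - Live 0xf8a00000' \
                  'ip_tables 17408 1 iptable_mangle, Live 0xf89f0000' > "$d/modules"
    printf '%s\n' state tcp udp icmp > "$d/matches"
    match_state connlimit ipt_connlimit "$d/modules" "$d/matches"
    rm -rf "$d"
}
```

On a live system, run `match_state connlimit ipt_connlimit` as root so that both /proc files are readable; an unreadable file is treated the same as an absent entry.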