On Wed, January 26, 2005 10:04 am, Omar Garcia said: > > No effect, the same responsed. > > # iptables -t filter -A FORWARD -m connlimit --connlimit-above 100 -j DROP > iptables: No chain/target/match by that name > > # iptables -t filter -A OUTPUT -m connlimit --connlimit-above 100 -j DROP > iptables: No chain/target/match by that name To add on my previous post, if you in-kernel compiled the connlimit code, then only : cat /proc/net/ip_tables_matches can tell you wheter it is properly loaded or not. > > > ----- Original Message ----- > From: "Samuel Díaz García" <samueldg@xxxxxxxxxxxx> > To: "Omar Garcia" <omar.garcia@xxxxxxxxxxxxx> > Sent: Wednesday, January 26, 2005 3:57 PM > Subject: Re: Connlimit problem > > >> It is working in "filter" table, not in mangle. >> >> Try it, I think connlimit is only for filters. >> >> Say us. Samuel: A match type module is valid for any tables. Only the hook matters as some module can't filter some situation. Exemple: mac match can't filter into OUTPUT or POSTROUTING chains. What maybe made you confused is that a target type module cares about the table. >> >> -- >> Samuel Díaz García >> Director Gerente >> ArcosCom Wireless, S.L.L. >> >> mailto:samueldg@xxxxxxxxxxxx >> http://www.arcoscom.com >> móvil: 651 93 72 48 >> tlfn/fax: 956 70 13 15 >> I like your name 8) HTH, Samuel
