Hi all!!

Thanks!! Now I know that the module isn't compiled. (cat /proc/net/......) I had patched the kernel source with POMng, but for some reason the connlimit patch didn't apply. I am recompiling a new kernel and patching it from zero.

Thanks, I'll post my advances.

Regards.

----- Original Message -----
From: "Samuel Jean" <sj-netfilter@xxxxxxxxxxxxxxxx>
To: "Omar Garcia" <omar.garcia@xxxxxxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, January 26, 2005 4:42 PM
Subject: Re: Connlimit problem

> On Wed, January 26, 2005 9:26 am, Omar Garcia said:
> > Hi list,
>
> Hi Omar!
>
> > [...]
> > If I tried in two steps, I confirm that the module connlimit is installed:
> >
> > BridgeWall:/home/omar# iptables -A PREROUTING -t mangle -m connlimit
> > iptables v1.2.11: You must specify `--connlimit-above'
> > Try `iptables -h' or 'iptables --help' for more information.
>
> This doesn't confirm that it is. This only tests the iptables 'module',
> which I will call an extension library.
>
> > BridgeWall:/home/omar# iptables -A PREROUTING -t mangle -m connlimit
> > --connlimit-above 12 -j DROP
> > iptables: No chain/target/match by that name
>
> This means the kernel module (called ipt_connlimit) is not loadable or
> compiled at all.
>
> > Any idea????
>
> Yes, patch your kernel or enable this module.
>
> If unsure:
>
> lsmod | grep ipt_connlimit
>
> No result? Then 'modprobe ipt_connlimit'
>
> It works? Then make sure it properly registered against netfilter:
>
> cat /proc/net/ip_tables_matches | grep connlimit
>
> > Thanks in advance.
> >
> > Regards
>
> HTH,
> Samuel
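
The checks from the thread above, combined into one classifier. This is an added example, not part of the original messages. The function name `connlimit_state` and its state labels are hypothetical; it assumes the module appears as `ipt_connlimit` in `/proc/modules` (the file `lsmod` reads) and that `/proc/net/ip_tables_matches` lists one match name per line. It also covers a case the thread does not mention: a match compiled into the kernel image is registered without showing up in `lsmod`.

```shell
#!/bin/sh
# Added example: classify connlimit availability from two kernel views.
# Paths are parameters so the logic can be exercised on constructed files.

# connlimit_state [MODULES_FILE] [MATCHES_FILE]
#   MODULES_FILE: same format as /proc/modules (what lsmod reads)
#   MATCHES_FILE: same format as /proc/net/ip_tables_matches
# Prints one of: registered-module, registered-builtin,
#                loaded-not-registered, missing, no-ip-tables
connlimit_state() {
    modules=${1:-/proc/modules}
    matches=${2:-/proc/net/ip_tables_matches}

    # Without ip_tables itself there is no match list to consult.
    if [ ! -r "$matches" ]; then
        echo no-ip-tables
        return 2
    fi

    loaded=no
    # First field of /proc/modules is the module name; compare it exactly
    # so a mention in another module's dependency list does not count.
    if [ -r "$modules" ] &&
       awk '$1 == "ipt_connlimit" { f = 1 } END { exit !f }' "$modules"; then
        loaded=yes
    fi

    registered=no
    # Whole-line match: the kernel-side check that iptables -m alone skips.
    if grep -qx 'connlimit' "$matches"; then
        registered=yes
    fi

    case "$loaded/$registered" in
        yes/yes) echo registered-module ;;
        no/yes)  echo registered-builtin ;;      # compiled into the kernel
        yes/no)  echo loaded-not-registered; return 1 ;;
        *)       echo missing; return 1 ;;       # patch/enable, then modprobe
    esac
}
```

Called with no arguments on the firewall it reads the live `/proc` files; `missing` corresponds to the "No chain/target/match by that name" situation in the thread.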