RE: Problem adding connlimit rule

On Tue, 10-05-2005 at 15:21 +0200, Ruben Cardenal wrote:
> Hi,
> 
> netfilter-bounces@xxxxxxxxxxxxxxxxxxx wrote:
> > On Tue, 10-05-2005 at 13:26 +0200, Ruben Cardenal wrote:
> >> Hi,
> >> 
> >>   I'm trying to add a quite simple rule but I get an error:
> >> 
> >> # iptables -I INPUT -p tcp --syn --dport 25 -m connlimit --connlimit-above 10 -j REJECT
> >> iptables: No chain/target/match by that name
> > 
> > Maybe you don't have the support for the connlimit match compiled
> > for iptables. Check if you have the file:
> > /lib/iptables/libipt_connlimit.so
> 
>   For this system libs are located under /usr/local/lib/iptables and
> libipt_connlimit.so is there.

Do you have the vanilla kernel patched with pom-ng?
I know the FC3 and RHEL kernels don't include the support
for the connlimit match, so you have to apply the last pom patches
to the iptables sources and the kernel.

If you are using the kernel bundled with a distribution then
probably it doesn't have the connlimit support.

>   Regards,
> 
> - Ruben

Regards.

-- 

Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
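
The thread separates two things `-m connlimit` needs: the userspace library and kernel support. The script below is an added example, not part of the original messages, that reports each half separately. The function names, the constructed sample tree, and the use of `/proc/net/ip_tables_matches` and the module names `ipt_connlimit` / `xt_connlimit` are this example's assumptions.

```shell
#!/bin/sh
# Added example. Reports the two halves "-m connlimit" depends on.
# check_connlimit LIBDIR MODDIR PROCFILE (name and defaults are this example's own)
check_connlimit() {
    libdir=${1:-/lib/iptables}
    moddir=${2:-/lib/modules/$(uname -r)}
    procfile=${3:-/proc/net/ip_tables_matches}

    # Userspace half: the shared object iptables loads to parse the options.
    user=missing
    for f in "$libdir/libipt_connlimit.so" "$libdir/libxt_connlimit.so"; do
        if [ -e "$f" ]; then user=present; fi
    done

    # Kernel half: match already registered, or shipped as a loadable module.
    kernel=missing
    if [ -r "$procfile" ] && grep -qx connlimit "$procfile"; then
        kernel=registered
    elif [ -d "$moddir" ] && find "$moddir" \( -name 'ipt_connlimit.*' \
            -o -name 'xt_connlimit.*' \) 2>/dev/null | grep -q .; then
        kernel=module
    fi
    echo "userspace=$user kernel=$kernel"
}

# Constructed sample tree reproducing the thread: library installed under
# usr/local/lib/iptables, kernel module tree without a connlimit module.
demo_thread_case() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/local/lib/iptables" "$root/lib/modules/kver/netfilter"
    : > "$root/usr/local/lib/iptables/libipt_connlimit.so"
    : > "$root/lib/modules/kver/netfilter/ipt_limit.ko"
    printf 'limit\nstate\ntcp\n' > "$root/matches"
    check_connlimit "$root/usr/local/lib/iptables" \
        "$root/lib/modules/kver" "$root/matches"
    rm -rf "$root"
}

demo_thread_case        # constructed case from the thread
check_connlimit "$@"    # this host; pass LIBDIR MODDIR PROCFILE to override
```

A result of `userspace=present kernel=missing` is the situation the reply describes: the library is installed, but the running kernel has no connlimit match to attach the rule to.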



