Krzysztof Oledzki wrote:
On Sat, 22 Jul 2006, Andrew Beverley wrote:
I (and others, see netfilter list) are having trouble compiling
kernel 2.6.17.4 and iptables-1.3.5-20060508 to use connlimit. Once
compiled in and I run:
<snip>
Yes, the API was changed in 2.6.17, so small fixes are required to
allow extensions to work. I'm currently traveling a lot so
connlimit & TARPIT is still on my TODO list. I'm going to finish it
ASAP but with limited GPRS/EDGE access it is not so simple.
OK, I fixed the connlimit extension. Please:
- tell me if it works (or not).
I forgot to mention - I get a lot of 'ipt_connlimit: Oops: invalid ct
state' error messages scrolling up the screen.
But when did it start? In 2.6.17?
Sorry - should have said. It has always done it. I thought I'd take the
opportunity to ask as I've never found the answer.
Is it safe for me to edit ipt_connlimit.c to not print them? Or are
they telling me there is something wrong with my setup?
Please try adding "-m conntrack --ctstate INVALID -j DROP" before "-m
connlimit (...)". Did it help?
Yes, that sorts it. I have a lot of clients on my network and these look like
they're generated by some p2p software of one PC.
Many thanks,
Andy
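
The following is an added example, not part of the original thread or the netfilter project's code: a shell check that reads `iptables-save` output and reports any connlimit rule that is not preceded, in the same chain, by the INVALID drop suggested above. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rule ordering in iptables-save output.
# Assumption: any rule with "--ctstate ...INVALID..." and "-j DROP" counts as
# the guard, even if other matches narrow it (e.g. to a single port).

# Reads iptables-save format on stdin, prints one line per connlimit rule that
# appears before an INVALID drop in its chain; exit status 1 if any are found.
check_connlimit_order() {
    awk '
        /^\*/      { table = substr($0, 2); next }   # table header, e.g. *filter
        $1 != "-A" { next }                          # skip policies, COMMIT, comments
                   { key = table "/" $2 }            # chains are scoped per table
        # Guard rule: drops INVALID state and is not a negated match.
        /--ctstate [A-Z,]*INVALID/ && !/! --ctstate/ && /-j DROP( |$)/ {
            guarded[key] = 1; next
        }
        /-m connlimit/ && !(key in guarded) {
            print key ": connlimit before INVALID drop: " $0
            bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample ruleset: INPUT is ordered as advised, FORWARD is not.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m connlimit --connlimit-above 3 -j REJECT
-A FORWARD -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 20 -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}

# On a live system: iptables-save | check_connlimit_order
sample_ruleset | check_connlimit_order || echo "unguarded connlimit rules found"
```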