On Sat, 22 Jul 2006, Andrew Beverley wrote:
I (and others, see netfilter list) are having trouble compiling kernel
2.6.17.4 and iptables-1.3.5-20060508 to use connlimit. Once compiled in
and I run:
<snip>
Yes, the API was changed in 2.6.17, so small fixes are required to allow
extensions to work. I'm currently traveling a lot so connlimit & TARPIT
is still on my TODO list. I'm going to finish it ASAP but with limited
GPRS/EDGE access it is not so simple.
OK, I fixed the connlimit extension. Please:
- tell me if it works (or not).
I forgot to mention - I get a lot of 'ipt_connlimit: Oops: invalid ct state'
error messages scrolling up the screen.
But when did it start? In 2.6.17?
Is it safe for me to edit
ipt_connlimit.c to not print them? Or are they telling me there is something
wrong with my setup?
Please try adding "-m conntrack --ctstate INVALID -j DROP" before "-m
connlimit (...)". Did it help?
Best regards,
Krzysztof Olędzki