Hi,

I have Debian Sarge 3.1 testing, compiled kernel 2.6.18.2 and actual iptables 1.3.7 compiled and installed.

I need to solve a problem with a full ip_conntrack on my router. One client with some aggressive P2P makes ip_conntrack full, so I need to limit connections per that IP address.

I can't add a connlimit rule. What's wrong? Any suggestions?

-----------------------------------------
iptables -m connlimit -h

connlimit v1.3.7 options:
[!] --connlimit-above n    match if the number of existing tcp connections is (not) above n
    --connlimit-mask n     group hosts using mask
-----------------------------------------

RouterBM:/home/kopecek# iptables -A FORWARD -p tcp -s 10.88.99.71 -m connlimit --connlimit-above 300 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
iptables: No chain/target/match by that name

RouterBM:/home/kopecek# iptables -A FORWARD -p tcp -m connlimit --connlimit-above 300 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
iptables: No chain/target/match by that name

RouterBM:/home/kopecek# iptables -A FORWARD -p tcp -m connlimit --connlimit-above 300 --connlimit-mask 32 -j DROP
iptables: No chain/target/match by that name