On Mar 11 2007 18:14, Pascal Hambourg wrote:
>> I can't add connlimit rule? What's wrong? Any suggestion?
>>
>> -----------------------------------------
>> iptables -m connlimit -h
>> connlimit v1.3.7 options:
>> [!] --connlimit-above n match if the number of existing tcp
>> connections is (not) above n
>> --connlimit-mask n group hosts using mask
>>
>> -----------------------------------------
>> RouterBM:/home/kopecek# iptables -A FORWARD -p tcp -s 10.88.99.71 -m
>> connlimit --connlimit-above 300 --connlimit-mask 32 -j REJECT
>> --reject-with
>> tcp-reset
>> iptables: No chain/target/match by that name
>
> Your kernel probably does not support the connlimit match. The connlimit match
> is not part of the standard kernel. It used to be included as a kernel patch in
> the patch-o-matic-ng, but has been removed from the daily snapshots since
> 2006/07/26.

connlimit is still there (not in pomng though), it's out-of-out-off-tree,
so to say. You have to patch pomng, and then patch the kernel *whirl* ...

Jan
--
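The thread's diagnosis (the userspace help for connlimit prints, yet the rule fails with "No chain/target/match by that name") can be checked from the kernel side. The following is an added example, not part of the original messages: the function name `match_status` is hypothetical, and it assumes the kernel exposes registered matches in /proc/net/ip_tables_matches and that a match module is named with an `ipt_` or `xt_` prefix.

```shell
#!/bin/sh
# Added example: report whether the running kernel can provide an iptables
# match. "iptables -m NAME -h" only proves the userspace extension exists;
# the rule is rejected unless the kernel also has the match.
#
# match_status NAME [MATCHES_FILE] [MODULES_DEP]   (hypothetical helper)
#   prints "registered", "loadable" or "missing"; returns 1 when missing.
# The two file arguments default to the live system and can be pointed at
# constructed sample files for offline testing.
match_status() {
    name=$1
    matches=${2:-/proc/net/ip_tables_matches}
    moddep=${3:-/lib/modules/$(uname -r)/modules.dep}

    # Registered: built in, or its module is already loaded.
    if [ -r "$matches" ] && grep -qx "$name" "$matches"; then
        echo registered
        return 0
    fi

    # Loadable: a module for the match is installed for this kernel
    # (assumed naming: ipt_NAME or xt_NAME, .o/.ko, optionally compressed).
    if [ -r "$moddep" ] &&
       grep -Eq "/(ipt|xt)_${name}\.k?o(\.[a-z0-9]+)?:" "$moddep"; then
        echo loadable
        return 0
    fi

    # Neither: the kernel was built without it, which is the case the
    # reply above describes for connlimit.
    echo missing
    return 1
}

# Command-line use: sh thisfile connlimit
if [ "$#" -gt 0 ]; then
    match_status "$@"
fi
```

A result of "missing" alongside a working `iptables -m connlimit -h` corresponds to the situation in the thread: userspace knows the extension, the kernel does not.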