S?ébastien Cramatte írta:
Hello,
Why REJECT target is not supported with MANGLE ?
My server is running debian etch4 with 2.6.22 kernel and setuped as
traffic shaper + transparent bridge
The command with connlimit bellow won't work and return me "Invalid
Argument"
iptables -t mangle -N mytable
iptables --table mangle --append POSTROUTING --out-interface br0
--match physdev --physdev-is-bridged --physdev-out eth0 --jump mytable
iptables -t mangle -A mytable --proto tcp --match connlimit
--connlimit-above 15 --connlimit-mask 32 --jump REJECT
iptables -t mangle -A mytable --jump CLASSIFY --set-class 1:10
How can I achieve this kind of setup ?
I would drop those packets in a filter table...
INPUT/filter
OUTPUT/filter
FORWARD/filter
Is there any good reason not to do that?
Swifty
-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
