On Thu, 11 Apr 2024 21:04:53 +0100 Kerin Millar wrote:

> # zgrep NFT_CONNLIMIT /proc/config.gz
> # CONFIG_NFT_CONNLIMIT is not set

Same here.

> With that in mind, are you able to "modprobe nft_connlimit" at all?

It returns a fatal error that the module is not found.

All I find when searching is that the module is missing in different distros and some references to CVE-2022-32250 which doesn't clarify much:

https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/#rip-control-by-triggering-garbage-collection

I wonder if distros have deliberately removed the module because of the CVE or if there is something else. What would you advise?