* Claus Malter [24-03-2007 13:41]:
> + iptables -A TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
> can't load conntrack support for proto=2
> iptables: Invalid argument
>
> + iptables -A INPUT -i eth0 -p tcp -m state --state NEW -j TCP_FLOOD
> can't load conntrack support for proto=2
> iptables: Invalid argument

Hi,

I tested the rules:

# iptables -V
iptables v1.3.6
# iptables -N TCP
# iptables -A TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -N TCP_FLOOD
# iptables -A INPUT -i eth0 -p tcp -m state --state NEW -j TCP_FLOOD
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
TCP_FLOOD  tcp  --  anywhere             anywhere            state NEW

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain TCP (0 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain TCP_FLOOD (1 references)
target     prot opt source               destination

$ grep -i conntrack /boot/config-2.6.20.3
CONFIG_NF_CONNTRACK_ENABLED=m
CONFIG_NF_CONNTRACK_SUPPORT=y
# CONFIG_IP_NF_CONNTRACK_SUPPORT is not set
CONFIG_NF_CONNTRACK=m
# CONFIG_NF_CONNTRACK_MARK is not set
# CONFIG_NF_CONNTRACK_SECMARK is not set
# CONFIG_NF_CONNTRACK_EVENTS is not set
CONFIG_NF_CONNTRACK_AMANDA=m
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NF_CONNTRACK_H323=m
CONFIG_NF_CONNTRACK_IRC=m
CONFIG_NF_CONNTRACK_NETBIOS_NS=m
CONFIG_NF_CONNTRACK_PPTP=m
CONFIG_NF_CONNTRACK_SIP=m
CONFIG_NF_CONNTRACK_TFTP=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
CONFIG_NF_CONNTRACK_IPV6=m

$ lsmod | grep conntrack
nf_conntrack_ipv4      17420  2
nf_conntrack           55304  2 nf_conntrack_ipv4,xt_state
nfnetlink               6936  2 nf_conntrack_ipv4,nf_conntrack

There is no error message here with 2.6.20.3.

Regards,
Uwe