[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is connlimit available in etch? Will it be available in future?


Nick Y Kuzminyh a écrit :
Dear Professionals,

Huh ?

Can you please explain me:
* is "connlimit" module available in etch?

The connlimit match support was included in the mainline kernel since version 2.6.23, so it is not available in the default 2.6.18 kernels included in Debian etch. However it is available in the newer 2.6.24-etchnhalf kernel which was added to the latest release of Debian etch, 4.0r4. For more details about "etch-and-half", see <http://www.debian.org/News/2008/20080726>.

You could have searched in the package base at <http://www.debian.org/distrib/packages#search_contents> In the keyword field type "connlimit", select "packages that contain files whose names contain the keyword" and distribution "stable".

Note that the kernel module is named xt_connlimit, not ipt_connlimit. Anyway you should not need to load the module explicitly. The prefix xt_ means that it supports both IPv4 (iptables) and IPv6 (ip6tables). However the iptables version 1.3.6 included in etch does not support yet the IPv6 connlimit match. It requires iptables 1.4.0 at least (lenny will provide 1.4.1), and the shared library will be named libxt_connlimit.so (you should not need to care about it either). If you don't use connlimit with ip6tables you don't need to worry about it.

Reply to: