Re: iptables connlimit

To: debian-security@lists.debian.org
Subject: Re: iptables connlimit
From: Guillaume Tournat <guillaume.tournat@adelux.fr>
Date: Mon, 07 Mar 2005 09:29:19 +0100
Message-id: <[🔎] 422C10DF.6020005@adelux.fr>
In-reply-to: <[🔎] 20050306222904.5bd5d8b4.gygy@rdslink.ro>
References: <[🔎] 20050306222904.5bd5d8b4.gygy@rdslink.ro>

Adrian Minta a écrit :

Is iptables connlimit available in sarge ?
I try to limit incoming connection to my webserver:

server# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 3
-j REJECT --reject-with tcp-reset
the error:
iptables: No chain/target/match by that name

What I'm doing wrong ?

iptables seems to have support for connlimit:

/lib/iptables/libipt_connlimit.soand a module ipt_limit.ko exist in the kernel directory ( 2.6.8-2-k7)

did you try "modprobe ipt_limit" (as root) before ?

--
Guillaume Tournat   (Adelux)         <guillaume.tournat@adelux.fr>
Administrateur systemes/reseaux      <http://www.adelux.fr>
Tel : +33 (0)5 49 49 71 90
Fax : +33 (0)5 49 49 71 91

Reply to:

Follow-Ups:
- Re: iptables connlimit
  - From: Adrian Minta <gygy@rdslink.ro>

References:
- iptables connlimit
  - From: Adrian Minta <gygy@rdslink.ro>

Prev by Date: iptables connlimit
Next by Date: A security fix introduced a 'grave' bug
Previous by thread: iptables connlimit
Next by thread: Re: iptables connlimit
Index(es):
- Date
- Thread