Re: iptables connlimit

To: debian-security@lists.debian.org
Subject: Re: iptables connlimit
From: Bernd Eckenfels <ecki@lina.inka.de>
Date: Tue, 08 Mar 2005 00:42:01 +0100
Message-id: <[🔎] E1D8RrN-0002ud-00@calista.eckenfels.6bone.ka-ip.net>
In-reply-to: <[🔎] 20050307234755.6da6e36a.gygy@rdslink.ro>

In article <[🔎] 20050307234755.6da6e36a.gygy@rdslink.ro> you wrote:
>> >server# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above
>> >3 -j REJECT --reject-with tcp-reset

Have  you tried:

iptables -m connlimit -h 

does it show the connlimit options?

BTW: my iptables manpage knows about -m connrate  --connrate <from>:<to>,
but it is clearly not available on my system.

Perhaps it is easiest if you strace the command. Also try to skip single
parameters (like --reject-with tcp-reset)

Greetings
Bernd

Reply to:

Follow-Ups:
- Re: iptables connlimit
  - From: Adrian Minta <gygy@rdslink.ro>

References:
- Re: iptables connlimit
  - From: Adrian Minta <gygy@rdslink.ro>

Prev by Date: Re: iptables connlimit
Next by Date: Re: TCP SYN packets which have the FIN flag set.
Previous by thread: Re: iptables connlimit
Next by thread: Re: iptables connlimit
Index(es):
- Date
- Thread