iptables connlimit on CentOS 5 with 2.6.32-042 kernel?

Post by postcd » 2017/03/06 10:04:22

How is it possible to make iptables connlimit work on an outdated CentOS 5.9 64-bit system running kernel 2.6.32-042 (OpenVZ)? (without doing anything with the kernel)

Kernel modules are loaded on the host server already:

$ lsmod|grep connl
xt_connlimit 3254 3
nf_conntrack 80313 14

and connlimit is working on CentOS 6, but not on CentOS 5 (showing: [Error: iptables: Unknown error 18446744073709551615] - Required for CONNLIMIT feature)

Installed Packages: iptables.x86_64 1.3.5-9.2.el5_8

My aim is to limit the number of connections an IP can make on port 80.

I found this and this and am unsure whether either can be a solution for me.

Post by TrevorH » 2017/03/06 10:19:38

That is an OpenVZ kernel, and parameters to its modules are controlled by the host. You need to contact your hoster to fix this.

Also, CentOS 5 now has less than 4 weeks of life left - you need to be getting off CentOS 5 and onto a supported version ASAP. All security updates stop for CentOS 5 on March 31st.
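An added example, not part of either post and not a substitute for connlimit: while the match is unusable inside the container, per-IP connection counts on port 80 can still be read from /proc/net/tcp without any netfilter module. The sample text, the limit of 2 and the function names are constructed for illustration; the script only reports and covers IPv4 only (/proc/net/tcp6 is not parsed).

```python
import socket
import struct
from collections import Counter

ESTABLISHED = "01"  # state code for ESTABLISHED in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (documentation-range addresses).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A00000A:0050 0B0200C0:C001 01 00000000:00000000 00:00000000 00000000    48        0 1002 1
   2: 0A00000A:0050 0B0200C0:C002 01 00000000:00000000 00:00000000 00000000    48        0 1003 1
   3: 0A00000A:0050 0B0200C0:C003 01 00000000:00000000 00:00000000 00000000    48        0 1004 1
   4: 0A00000A:0050 0B0200C0:C004 06 00000000:00000000 00:00000000 00000000     0        0 0 3
   5: 0A00000A:0050 076433C6:D431 01 00000000:00000000 00:00000000 00000000    48        0 1005 1
   6: 0A00000A:0016 076433C6:D432 01 00000000:00000000 00:00000000 00000000     0        0 1006 1
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted IPv4, port).

    The address is a 32-bit value printed in host byte order; '<I' assumes
    a little-endian host such as the x86_64 system in the thread.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def connections_per_ip(proc_net_tcp_text, port=80):
    """Count ESTABLISHED connections to the local port, keyed by remote IP."""
    counts = Counter()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        _, local_port = decode_endpoint(fields[1])
        remote_ip, _ = decode_endpoint(fields[2])
        if local_port == port and fields[3] == ESTABLISHED:
            counts[remote_ip] += 1
    return counts

def over_limit(counts, limit):
    """Remote IPs holding more than `limit` connections, sorted."""
    return sorted(ip for ip, n in counts.items() if n > limit)

if __name__ == "__main__":
    # On a live system, pass open("/proc/net/tcp").read() instead of SAMPLE.
    counts = connections_per_ip(SAMPLE)
    for ip in over_limit(counts, limit=2):
        print(f"{ip} has {counts[ip]} established connections to port 80")
```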