iptables connlimit problem

Post by jmsykim » 2006/10/04 22:22:15

Hi,
I installed CentOS 4.4 (2.4.9-42.EL) and set up iptables.

However, I ran into the following problem:

# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP
The error:
iptables: No chain/target/match by that name

Is there anything wrong? I don't think the problem is in the command itself.

And if I execute:
# iptables -m connlimit -h
....
connlimit v1.2.11 options:
[!] --connlimit-above n match if the number of existing tcp connections is (not) above n
--connlimit-mask n group hosts using mask

That means connlimit is available on the system.

Can anybody help me, please?

Re: iptables connlimit problem

Post by gmin1004 » 2010/01/05 02:15:25

Hi...

CentOS can't support the iptables connlimit module.

If you wanna use the connlimit module, you have to upgrade the kernel to >= 2.6.29

And you have to choose some features in menuconfig...
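
Added example, not part of the original thread: "iptables -m connlimit -h" only shows that the userspace extension is installed, while "No chain/target/match by that name" is the kernel refusing a match it does not have. The script below checks the kernel side. It assumes the running kernel lists its registered matches in /proc/net/ip_tables_matches, that its build config is at /boot/config-$(uname -r), and that the option is named CONFIG_NETFILTER_XT_MATCH_CONNLIMIT (module xt_connlimit) as in mainline kernels; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: does the *kernel* provide the connlimit match?
# Usage: connlimit_kernel_status MATCHES_FILE KERNEL_CONFIG_FILE
# Prints one of: loaded | builtin | module | missing
connlimit_kernel_status() {
    matches_file=$1
    config_file=$2

    # 1. Matches currently registered with the running kernel, one per line.
    if [ -r "$matches_file" ] && grep -qx 'connlimit' "$matches_file"; then
        echo loaded
        return 0
    fi

    # 2. Not registered: was the kernel built with the match at all?
    #    (Assumed mainline option name; a disabled option is a "# ... is not set" line.)
    if [ -r "$config_file" ]; then
        case $(grep '^CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=' "$config_file" | head -n 1) in
            *=y) echo builtin; return 0 ;;
            *=m) echo module;  return 0 ;;   # next step: modprobe xt_connlimit
        esac
    fi

    # 3. Neither registered nor configured: the rule will be rejected.
    echo missing
    return 1
}

# Constructed sample input (not taken from the poster's machine): a kernel
# whose match list and build config both lack connlimit.
demo() {
    d=$(mktemp -d)
    printf 'state\ntcp\nudp\nlimit\n' > "$d/matches"
    printf '%s\n' 'CONFIG_NETFILTER_XT_MATCH_STATE=m' \
        '# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set' > "$d/config"
    connlimit_kernel_status "$d/matches" "$d/config"
    rc=$?
    rm -rf "$d"
    return $rc
}

case ${1:-} in
    --live) connlimit_kernel_status /proc/net/ip_tables_matches "/boot/config-$(uname -r)" ;;
    *)      demo || true ;;
esac
```

Run with --live on the firewall host; a result of "missing" means the connlimit rule cannot be installed on that kernel, so the connection cap it was meant to enforce is not in place.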