>>> I would like to use iplimit in my firewall.
> 
>> I'm still using 2.6.11-r9, but, it appears to be in yours too.  From
>> "make menuconfig" under the 2.6.11-r9 it is here:
> [...]
>>                            <m> limit match support
> 
> It is not this module. The "limit" module can limit the number of packets
> in a specified amount of time. But I want to limit the number of parallel
> connections from a defined IP.

Oops... I had old news about iplimit. There is a feature which I
would like to use in the ipt_limit module, as Chad Feller wrote. The module
to enable in iptables (-m) is called connlimit, not iplimit.

But now I have another problem. When I want to use the connlimit module, I
always get the iptables error: "iptables: No chain/target/match by that name"

For example:

# lsmod | grep limit
ipt_limit               2240  2

iptables -A FORWARD -o eth2 -s 192.168.0.12 \
-m connlimit --connlimit-above 60 -j REJECT
iptables: No chain/target/match by that name

Any other rules (not -m connlimit) added to the FORWARD chain work well.


I've tried to compile ipt_limit into the kernel (not as a module), but the
error also appears.

-- 
MZ

-- 
gentoo-user@gentoo.org mailing list
