On Tue, 08 Mar 2005 00:42:01 +0100
Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> >> >server# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 3 -j REJECT --reject-with tcp-reset
>
> Have you tried:
>
> iptables -m connlimit -h
>
> does it show the connlimit options?
>
> BTW: my iptables manpage knows about -m connrate --connrate :,
> but it is clearly not available on my system.
>
> Perhaps it is easiest if you strace the command. Also try to skip single
> parameters (like --reject-with tcp-reset)
>
server# iptables -m connlimit -h
connlimit v1.2.11 options:
[!] --connlimit-above n match if the number of existing tcp connections is (not) above n
--connlimit-mask n group hosts using mask
server# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 3 -j REJECT
iptables: No chain/target/match by that name
I use plain sarge (no patches, default kernel, default iptables)
--
Best regards,
Minta Adrian