Hello,
I have a similar problem here with two boxes, both running etch.
I'm trying to load the following firewall rule:
iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
box1:
linux-image-2.6.18-4-686 (2.6.18.dfsg.1-12etch2)
iptables 1.3.6.0debian1-5
# ls /lib/modules/2.6.18-4-686/kernel/net/netfilter/*limit*
/lib/modules/2.6.18-4-686/kernel/net/netfilter/xt_limit.ko
# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
iptables: No chain/target/match by that name
That is OK, as I don't have the xt_connlimit.ko module in this kernel, so
there is no bug, right?
box2:
linux-image-2.6.24-1-686 (2.6.24-5)
iptables 1.3.6.0debian1-5
# ls /lib/modules/2.6.24-1-686/kernel/net/netfilter/*limit*
/lib/modules/2.6.24-1-686/kernel/net/netfilter/xt_connlimit.ko
/lib/modules/2.6.24-1-686/kernel/net/netfilter/xt_hashlimit.ko
/lib/modules/2.6.24-1-686/kernel/net/netfilter/xt_limit.ko
# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
iptables: Invalid argument
# dmesg | tail
[snip]
ip_tables: (C) 2000-2006 Netfilter Core Team
nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
ip_tables: connlimit match: invalid size 32 != 16
nora:~# lsmod
Module                  Size  Used by
xt_connlimit            5064  0
nf_conntrack           62272  1 xt_connlimit
xt_tcpudp               3136  0
xt_limit                2656  0
iptable_filter          2976  0
ip_tables              13188  1 iptable_filter
x_tables               14244  4 xt_connlimit,xt_tcpudp,xt_limit,ip_tables
[snip]
And is this a bug or not?