Hello,

I have a similar problem here with two boxes, both running etch.
I'm trying to load the following firewall rule:
iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT

box1:
linux-image-2.6.18-4-686 (2.6.18.dfsg.1-12etch2)
iptables 1.3.6.0debian1-5

# ls /lib/modules/2.6.18-4-686/kernel/net/netfilter/*limit*
/lib/modules/2.6.18-4-686/kernel/net/netfilter/xt_limit.ko

# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
iptables: No chain/target/match by that name

That is OK, as I don't have the xt_connlimit.ko module in this kernel, so there is no bug, right?


box2:
linux-image-2.6.24-1-686 (2.6.24-5)
iptables 1.3.6.0debian1-5

# ls /lib/modules/2.6.24-1-686/kernel/net/netfilter/*limit*
/lib/modules/2.6.24-1-686/kernel/net/netfilter/xt_connlimit.ko
/lib/modules/2.6.24-1-686/kernel/net/netfilter/xt_hashlimit.ko
/lib/modules/2.6.24-1-686/kernel/net/netfilter/xt_limit.ko

# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
iptables: Invalid argument

# dmesg | tail
[snip]
ip_tables: (C) 2000-2006 Netfilter Core Team
nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
ip_tables: connlimit match: invalid size 32 != 16

nora:~# lsmod
Module                  Size  Used by
xt_connlimit            5064  0
nf_conntrack           62272  1 xt_connlimit
xt_tcpudp               3136  0
xt_limit                2656  0
iptable_filter          2976  0
ip_tables              13188  1 iptable_filter
x_tables               14244  4 xt_connlimit,xt_tcpudp,xt_limit,ip_tables
[snip]

And is this a bug or not?