Alin Nastac wrote:

> Iulian wrote:
>
> > Sorry, I pasted the wrong thing....
> >
> > iptables -A PREROUTING -t nat -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24-j REJECT
> > iptables: No chain/target/match by that name
>
> As a general rule: you don't put filters in the nat table - if you want them in the PREROUTING chain, better put them in mangle. And if you put them in PREROUTING, --syn is rather redundant.
>
> A guess: I think it doesn't like that -t nat comes after -A PREROUTING. The default table is filter, which doesn't have this chain.
>
> Take it step by step: first add a rule with only -m connlimit, then add -p tcp, ...
>
> ---
> Details about our mailing lists: http://www.lug.ro/

The help for the connlimit extension gives this example:

Examples:
# allow 2 telnet connections per client host
iptables -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT

which for me gives the error

iptables v1.2.9: no command specified

and if I run

iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT

it gives

iptables: No chain/target/match by that name

.......could it be that the extension can only be used in a certain context (only in a certain chain, for example)?
