Re: [gentoo-user] How to install iplimit?
> > > I would like to use iplimit in my firewall.
> >
> > I'm still using 2.6.11-r9, but, it appears to be in yours too. From make menuconfig under the 2.6.11-r9 it is here:
> > [...]
> > m limit match support
>
> It is not this module. The limit module can limit the number of packets in a specified amount of time. But I want to limit the number of parallel connections from a defined IP.

Oops... I've had the old news about iplimit. There is a feature, which I would like to use in the ipt_limit module, as Chad Feller wrote. The module to enable in iptables (-m) is called connlimit, not iplimit.

But now I have another problem. When I want to use the connlimit module, I always get an iptables error:

iptables: No chain/target/match by that name

For example:

# lsmod | grep limit
ipt_limit 2240 2

iptables -A FORWARD -o eth2 -s 192.168.0.12 \
  -m connlimit --connlimit-above 60 -j REJECT
iptables: No chain/target/match by that name

Any other rules (not -m connlimit) added to the FORWARD chain are working well. I've tried to compile ipt_limit into the kernel (not as a module), but the error appears as well.

--
MZ
--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How to install iplimit?
> > I would like to use iplimit in my firewall.
>
> I'm still using 2.6.11-r9, but, it appears to be in yours too. From make menuconfig under the 2.6.11-r9 it is here:
> [...]
> m limit match support

It is not this module. The limit module can limit the number of packets in a specified amount of time. But I want to limit the number of parallel connections from a defined IP.

Look: http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.5

--
Mariusz Zalewski [EMAIL PROTECTED]
Re: [gentoo-user] How to install iplimit?
> I would like to use iplimit in my firewall.

Did you check for new netfilter options in the kernel config after installing the iptables extensions? Did /usr/src/linux point to the correct location when you were installing the patches?

This is just a guess. Didn't do that myself.

Sasha
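The two checks suggested in the message above (kernel config options and where /usr/src/linux points), applied to the connlimit match from the iptables error quoted earlier in the thread. This is an added example, not part of any poster's message; the function names are hypothetical, and it assumes the kernel option name ends in MATCH_CONNLIMIT and that source trees are named linux-<release>.

```shell
# Added example, not from the thread. Paths are arguments so the checks
# can also run against constructed sample files.

# State of the connlimit match option in a kernel .config: y, m or unset.
# Assumption: the option name ends in MATCH_CONNLIMIT.
connlimit_config_state() {
    line=$(grep -E '^CONFIG_[A-Z_]*MATCH_CONNLIMIT=[ym]$' "$1" 2>/dev/null | head -n 1)
    case $line in
        *=y) echo y ;;
        *=m) echo m ;;
        *)   echo unset ;;
    esac
}

# True if match $1 is listed in file $2 (format of /proc/net/ip_tables_matches:
# one registered match name per line).
match_registered() {
    grep -qxF "$1" "$2" 2>/dev/null
}

# True if symlink $1 points at a tree named linux-<release $2>
# (assumption: Gentoo-style source directory naming).
src_matches_release() {
    target=$(readlink "$1") || return 1
    [ "$(basename "$target")" = "linux-$2" ]
}

# Usage: diagnose_connlimit /usr/src/linux "$(uname -r)" /proc/net/ip_tables_matches
diagnose_connlimit() {
    src=$1; release=$2; matches=$3
    if match_registered connlimit "$matches"; then
        echo "ok: connlimit is registered with the running kernel"
        return 0
    fi
    if ! src_matches_release "$src" "$release"; then
        echo "mismatch: $src does not point at the tree of kernel $release"
        return 1
    fi
    case $(connlimit_config_state "$src/.config") in
        y) echo "stale: enabled in .config but absent from the running kernel" ;;
        m) echo "unloaded: built as a module but not loaded" ;;
        *) echo "missing: connlimit match support is not enabled in $src/.config" ;;
    esac
    return 1
}
```

A "missing" or "mismatch" result means the running kernel cannot provide the match, so a `-m connlimit` rule cannot be loaded until the kernel side is fixed.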
Re: [gentoo-user] How to install iplimit?
Hello,

I'm still using 2.6.11-r9, but, it appears to be in yours too. From make menuconfig under the 2.6.11-r9 it is here:

Device Drivers ---
  Networking support --
    [*] Networking Support
    Networking options ---
      [*] Network packet filtering (replaces ipchains)
      IP: Netfilter Configuration ---
        m IP tables support (required for filtering/masq/NAT)
        m limit match support

From a 2.6.15-r7 kernel:

Networking ---
  Networking options ---
    [*] Network packet filtering (replaces ipchains)
    IP: Netfilter Configuration ---
      m IP tables support (required for filtering/masq/NAT)
      m limit match support

The kernel module would be called ipt_limit in both cases.

Mariusz Zalewski wrote:
> Hello
>
> I would like to use iplimit in my firewall. I use iptables-1.3.4 with the extensions USE flag and gentoo-sources-2.6.15-r1.
>
> I can't find the iplimit module in that kernel:
>
> # grep -i iplimit /usr/src/linux/.confg
> {none}
>
> How to install iplimit on my server? What should I do? Maybe there is another module that can restrict the number of connections from a defined IP address?
>
> P.S. Sorry about the crosspost - I sent this message a few days ago to the gentoo-security mailing list, but nobody replied.