-
May 6th, 2004, 10:47 PM
#1
iptables and connlimit
Hello friends,
I was just working with iptables and connlimit and am facing a bit of a problem; I hope you people can help me out.
Please have a look at the command that I executed after a fresh installation of iptables from RPM.
[root@MDK10 firewall]# iptables -I INPUT 1 -p tcp --syn --dport 80 -m connlimit ! --connlimit-above 2 -j ACCEPT
iptables: No chain/target/match by that name.
But have a look at this too:
[root@MDK10 firewall]# iptables -I INPUT 1 -p tcp --syn --dport 80 -m connlimit -j ACCEPT
iptables v1.2.9: You must specify `--connlimit-above'
So connlimit is there and the module gets loaded (I suppose, because it shows me the error for incomplete parameters in the second command).
Any ideas where I am slipping?
guru@linux:~> who | grep -i blonde | talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
-
May 6th, 2004, 10:57 PM
#3
Re: iptables and connlimit
Originally posted here by NullDevice
[root@MDK10 firewall]# iptables -I INPUT 1 -p tcp --syn --dport 80 -m connlimit ! --connlimit-above 2 -j ACCEPT
iptables: No chain/target/match by that name.
Remove the exclamation mark (!) and see if that fixes the problem. For what you are doing, you can equally do --connlimit-above 2 -j DROP/REJECT. I believe that is the intended use of the connlimit module.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
May 7th, 2004, 06:00 AM
#5
That doesn't work either, buddy. I have already tried that.
guru@linux:~> who | grep -i blonde | talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
-
May 7th, 2004, 01:37 PM
#7
Can't see the problem, it looks very similar to this example:
http://www.netfilter.org/patch-o-mat...base-connlimit
Are you sure this works on INPUT? Although common sense says it should.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
May 7th, 2004, 05:01 PM
#9
Sorry Steve, that won't work either because you need to operate on one of the chains only. Have a look below:
[root@MDK10 firewall]# iptables -p tcp --syn --dport 80 -m connlimit ! --connlimit-above 2 -j ACCEPT
iptables v1.2.9: no command specified
Try `iptables -h' or 'iptables --help' for more information.
guru@linux:~> who | grep -i blonde | talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
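
Added example, not part of the original thread: "You must specify `--connlimit-above'" is printed by the userspace extension's option parser, while "No chain/target/match by that name" is what iptables reports when the kernel refuses the rule, so the second command does not prove the kernel side of connlimit is present. The sketch below checks the kernel's registered matches and, if connlimit is there, prints the rule in the reject-above form suggested in reply #3; the function names are hypothetical, and the module names in the message are assumptions about the reader's kernel.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# The kernel lists the iptables matches it has registered in this file.
MATCHES_FILE=/proc/net/ip_tables_matches

# kernel_has_match NAME [FILE]
# Succeeds only if NAME appears as a whole line in the kernel's match list.
kernel_has_match() {
    grep -qx -- "$1" "${2:-$MATCHES_FILE}" 2>/dev/null
}

# connlimit_rule PORT LIMIT
# Prints (does not run) the rule without "!": connections above LIMIT per
# source address are rejected, instead of accepting those below the limit.
connlimit_rule() {
    for n in "$1" "$2"; do
        case "$n" in
            ''|*[!0-9]*) echo "port and limit must be numeric" >&2; return 2 ;;
        esac
    done
    printf 'iptables -I INPUT 1 -p tcp --syn --dport %s -m connlimit --connlimit-above %s -j REJECT --reject-with tcp-reset\n' "$1" "$2"
}

# diagnose PORT LIMIT [FILE]
# Says which half of iptables is missing rather than leaving the reader with
# "No chain/target/match by that name".
diagnose() {
    if kernel_has_match connlimit "$3"; then
        connlimit_rule "$1" "$2"
    else
        # Assumed module names: xt_connlimit on current kernels,
        # ipt_connlimit on kernels patched from patch-o-matic.
        echo "kernel has no connlimit match registered; load the module" \
             "(xt_connlimit or ipt_connlimit) or rebuild the kernel with it" >&2
        return 1
    fi
}
```

Run `diagnose 80 2` as root on the firewall host; matches provided by modules that have not been loaded yet do not appear in the list until the module is loaded.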