iptables connlimit/iplimit not working
Bug #60439 reported by dario

Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Fix Released | Medium | Unassigned | |
linux-source-2.6.15 (Ubuntu) | Won't Fix | Undecided | Unassigned | |
linux-source-2.6.20 (Ubuntu) | Won't Fix | Medium | Unassigned | |
linux-source-2.6.22 (Ubuntu) | Won't Fix | Medium | Ben Collins | |

Bug Description
Currently there's /lib/iptables/
iptables -I INPUT -p tcp -m connlimit --connlimit-above 100 -j REJECT
Same with iplimit.
description: updated
Changed in linux-source-2.6.20:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → Medium
Changed in linux-source-2.6.22:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → Medium
status: New → Triaged
Changed in linux-source-2.6.20:
status: Confirmed → Triaged
Changed in linux-source-2.6.15:
status: New → Incomplete
Proposed solution:
1. download patch-o-matic-ng snapshot from
http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/
2. download iptables from ... similar place :-)
3. download connlimit patch from http://people.netfilter.org/ole/pom/connlimit.
4. unpack connlimit:
tar xzvf connlimit to unpacked patch-o-matic/patchlets/
5. modify "info" file in patchlets/connlimit directory, so it looks like this:
Title: iptables connlimit match
Author: Gerd Knorr <email address hidden>
Status: ItWorksForMe[tm]
Repository: extra
Requires: linux > 2.6.0
6. cd ../.. back to patch-o-matic top and configure by
./runme extra
7. select connlimit option to Y
8. go to Linux directory and make menuconfig to make sure that the new connlimit module is going to be compiled (CONFIG_IP_NF_MATCH_CONNLIMIT=m)
9. compile Linux kernel
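
A scripted form of the step 8 check, so the long build in step 9 is not started without the match enabled. This is an added example, not part of the original comment or of patch-o-matic: it reads a kernel .config and reports how CONFIG_IP_NF_MATCH_CONNLIMIT is set. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how a kernel .config sets one option.
# Prints "y" (built in), "m" (module), "n" (explicitly not set) or
# "missing" (option absent, e.g. the connlimit patch was never applied).
kconfig_state() {
    opt=$1
    cfg=$2
    # Match the full option name so CONFIG_FOO never matches CONFIG_FOO_BAR.
    awk -v opt="$opt" '
        $0 == "# " opt " is not set" { state = "n" }
        index($0, opt "=") == 1      { state = substr($0, length(opt) + 2) }
        END { print (state == "" ? "missing" : state) }
    ' "$cfg"
}

# Succeeds only when the connlimit match will actually be compiled.
connlimit_enabled() {
    case $(kconfig_state CONFIG_IP_NF_MATCH_CONNLIMIT "$1") in
        y|m) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample configs (not taken from a real Ubuntu kernel).
sample_dir=$(mktemp -d)
cat > "$sample_dir/patched.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_CONNLIMIT=m
EOF
cat > "$sample_dir/unset.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_MATCH_CONNLIMIT is not set
EOF
cat > "$sample_dir/unpatched.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=m
EOF

for f in patched unset unpatched; do
    printf '%s: %s\n' "$f" \
        "$(kconfig_state CONFIG_IP_NF_MATCH_CONNLIMIT "$sample_dir/$f.config")"
done
```

A result of "missing" means the source tree does not know the option at all, which points back to the patching steps rather than to menuconfig.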