Alexandr Shurigin wrote:
>
> debian:/lib# iptables -A INPUT -p tcp --syn --dport 3128 -m connlimit !
> --connlimit-above 5 -j ACCEPT
> iptables: No chain/target/match by that name
>
> debian:/lib# modprobe ipt_connlimit
> FATAL: Module ipt_connlimit not found.
[...]
> how to install connlimit module ?
>
> debian:/lib# uname -a
> Linux debian 2.6.18-5-686 #1 SMP Sat Dec 1 22:58:58 UTC 2007 i686 GNU/Linux

The 'connlimit' match support is not included in the mainline kernel
before version 2.6.23. For earlier kernel versions, you must patch the
sources with the patch-o-matic-ng [1]. Note that the 'connlimit' patch
is not included any more in the latest patch-o-matic-ng snapshots and
must be downloaded separately [2]. The patch-o-matic-ng may also require
the iptables sources [3].

[1] <http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/>
[2] Run "./runme --download" in the patch-o-matic-ng directory before
applying the patch by running "./runme connlimit". Then enable the
connlimit match in the kernel config options and rebuild the kernel.
[3] <http://ftp.netfilter.org/pub/iptables/>
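
The 2.6.23 cut-off from the reply, turned into a pre-flight check to run before adding a connlimit rule (an added example, not part of the original message). The function names and the three status strings are made up for illustration, and the `xt_connlimit` module name comes from general kernel knowledge rather than from this thread.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the connlimit
# match can be expected for a kernel release and modules directory.

# True (exit 0) if RELEASE is 2.6.23 or later, the cut-off given in the reply.
kernel_has_mainline_connlimit() {
    base=${1%%-*}                      # "2.6.18-5-686" -> "2.6.18"
    old_ifs=$IFS; IFS=.
    set -- $base                       # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    [ "$major" -gt 2 ] && return 0
    [ "$major" -lt 2 ] && return 1
    [ "$minor" -gt 6 ] && return 0
    [ "$minor" -lt 6 ] && return 1
    [ "$patch" -ge 23 ]
}

# True if a connlimit module file exists under MODULES_DIR.
# ipt_connlimit is the name tried in the question; xt_connlimit is the
# mainline module name (general knowledge, not stated in the thread).
connlimit_module_present() {
    found=$(find "$1" \( -name 'xt_connlimit.ko*' -o -name 'ipt_connlimit.ko*' \) \
            -print 2>/dev/null || true)
    [ -n "$found" ]
}

# Print one of: module-found, enable-in-kernel-config, patch-required.
connlimit_advice() {
    if connlimit_module_present "$2"; then
        echo module-found
    elif kernel_has_mainline_connlimit "$1"; then
        echo enable-in-kernel-config   # in the source tree, no module file here
    else
        echo patch-required            # pre-2.6.23: patch-o-matic-ng route
    fi
}

# Report for the running system.
release=$(uname -r)
echo "$release: $(connlimit_advice "$release" "/lib/modules/$release")"
```

A kernel with the match compiled in rather than built as a module has no `.ko` file, so `enable-in-kernel-config` on a 2.6.23 or later kernel means "check the kernel config", not "missing".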