Bug 208014

Summary: libipt_dstlimit missing from iptables package
Product: Red Hat Enterprise Linux 4 Reporter: Terry Jones <terryj>
Component: glibc-kernheadersAssignee: David Woodhouse <dwmw2>
Status: CLOSED WONTFIX QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4CC: tao
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-12-08 14:30:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 218848    

Description Terry Jones 2006-09-25 20:41:36 UTC 
Description of problem:
Error when trying to insert iptables rule with -m dstlimit flag. Reports
libipt_dstlimit.so missing

Version-Release number of selected component (if applicable):
1.2.11

How reproducible:
Every time

Steps to Reproduce:
1. load iptables
2. try to add rule with -m dstlimit 
3.
  
Actual results:
Error message:
iptables v1.2.11: Couldn't load match
`dstlimit':/lib/iptables/libipt_dstlimit.so: cannot open shared object file: No
such file or directory

Expected results:
Rule to load - no error

Additional info:
Comment 1 Thomas Woerner 2006-09-26 10:05:17 UTC 
There is no dstlimit netfilter kernel module in the current RHEL-4 kernel and
ipt_dstlimit.h in not part of glibc-kernheaders.

Please apply to kernel and glibc-kernheaders for inclusion of dstlimit, then
reapply to iptables. 
BTW: dstlimit is not part of the standard iptables build.
Comment 2 Terry Jones 2006-09-26 16:08:05 UTC 
Request moved to glibc-kernheaders.

Can we get the dstlimit included in iptables?
Comment 3 David Woodhouse 2006-12-07 19:18:18 UTC 
Not a lot of point in that unless we add the feature to our kernel.
Comment 4 Linda Wang 2006-12-07 20:42:03 UTC 
There are actually two requests here:
dstlimit support in kernel, and to have glibc-kernheader headerfile for
inclusion in U6.  This bug is to track the kernel header file inclusion.
So clone this RFE for dstlimit support in the kernel, and
clone this REF to include libipt_dstlimit into iptables package.
Comment 5 Daniel Riek 2006-12-08 14:16:45 UTC 
Adding the FutureFeature Keyword.

As this is a feature request we will need a proper business justification to add
it to RHEL4.

At this point the threshhold will be very high, so PM NAKing for now. Will need
to be re-requested.

PM NACK
Comment 6 Daniel Riek 2006-12-08 14:21:58 UTC 
Additional information:
Upstream the module has been deprecated and replaced by hashlimit. That is in RHEL5
Comment 7 RHEL Program Management 2006-12-08 14:30:54 UTC 
Product Management has reviewed and declined this request.  You may appeal this
decision by reopening this request.