Bug 222116

Summary: connlimit filter doesn't work in 1.3.5 version of iptables
Product: [Fedora] Fedora
Reporter: Adam Pribyl <covex>
Component: iptables
Assignee: Thomas Woerner <twoerner>
Status: CLOSED CANTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium    
Version: 6   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
URL: https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=515
Doc Type: Bug Fix
Last Closed: 2007-09-24 14:51:20 UTC

Description Adam Pribyl 2007-01-10 14:59:15 UTC
Description of problem:
See https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=515

Additional info:
Also applies to FC5.

Comment 1 Thomas Woerner 2007-08-29 14:49:15 UTC
Please have a look at iptables-1.3.8-2.fc6 in the testing tree.

Comment 2 Adam Pribyl 2007-08-29 16:17:57 UTC
I do not see any new iptables in updates-testing:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/
nor for i386 at this time.

Comment 3 Thomas Woerner 2007-09-10 08:48:19 UTC
The package was in testing now for some time - pushing to final.

Comment 4 Adam Pribyl 2007-09-21 21:05:55 UTC
I have this version of iptables now, but there is now NO connlimit at all.

iptables -A FORWARD -p tcp --dport 0:65535 --syn -m connlimit --connlimit-above 50 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
iptables v1.3.8: Couldn't load match `connlimit':/lib64/iptables/libipt_connlimit.so: cannot open shared object file: No such file or directory

Comment 5 Adam Pribyl 2007-09-21 21:18:05 UTC
OK, so according to the bugzilla entry at bugzilla.netfilter.org (now it is down),
this is an extension which was maintained externally to the netfilter team.

This extension is still in the svn
http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/iptables/extensions/libxt_connlimit.c?rev=7015&view=log
but is not included in the 1.3.8 package. I did not try whether it is working or not.

Comment 6 Thomas Woerner 2007-09-24 14:51:20 UTC
The connlimit module is not part of the iptables 1.3.8 tarball. The link you
provided is a reference for the libxt_connlimit module, which was added to the
repository some weeks ago.

I am sorry, but there is no connlimit support at the moment. Closing as
"CANTFIX" for now.

There should be a new iptables version soon.