Red Hat Bugzilla – Bug 208014
libipt_dstlimit missing from iptables package
Last modified: 2007-11-16 20:14:54 EST
Description of problem:
Error when trying to insert iptables rule with -m dstlimit flag. Reports
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. load iptables
2. try to add rule with -m dstlimit
iptables v1.2.11: Couldn't load match
`dstlimit':/lib/iptables/libipt_dstlimit.so: cannot open shared object file: No
such file or directory
Rule to load - no error
There is no dstlimit netfilter kernel module in the current RHEL-4 kernel and
ipt_dstlimit.h in not part of glibc-kernheaders.
Please apply to kernel and glibc-kernheaders for inclusion of dstlimit, then
reapply to iptables.
BTW: dstlimit is not part of the standard iptables build.
Request moved to glibc-kernheaders.
Can we get the dstlimit included in iptables?
Not a lot of point in that unless we add the feature to our kernel.
There are actually two requests here:
dstlimit support in kernel, and to have glibc-kernheader headerfile for
inclusion in U6. This bug is to track the kernel header file inclusion.
So clone this RFE for dstlimit support in the kernel, and
clone this REF to include libipt_dstlimit into iptables package.
Adding the FutureFeature Keyword.
As this is a feature request we will need a proper business justification to add
it to RHEL4.
At this point the threshhold will be very high, so PM NAKing for now. Will need
to be re-requested.
Upstream the module has been deprecated and replaced by hashlimit. That is in RHEL5
Product Management has reviewed and declined this request. You may appeal this
decision by reopening this request.