Red Hat Bugzilla – Bug 222116
connlimit filter doesn't work in 1.3.5 version of iptables
Last modified: 2007-11-30 17:11:52 EST
Description of problem:
Also applies to FC5.
Please have a look at iptables-1.3.8-2.fc6 in the testing tree.
I do not see any new iptables in updates-testing:
nor for i386 at this time.
The package was in testing now for some time - pushing to final.
I have this version of iptables now, but there is now NO connlimit at all.
iptables -A FORWARD -p tcp --dport 0:65535 --syn -m connlimit --connlimit-above 50 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
iptables v1.3.8: Couldn't load match `connlimit':/lib64/iptables/libipt_connlimit.so: cannot open shared object file: No such file or directory
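A shell check a firewall operator could wrap around the rule above, added here as an example and not part of the bug report: it looks for the connlimit match object in the iptables library directory before trying to insert the rule, so a missing library is reported up front with a clear message instead of surfacing as iptables' "Couldn't load match" error at insertion time. The IPTABLES_LIBDIR variable, the two library names checked (per-family libipt_* as in 1.3.x, family-independent libxt_* as in later releases), the RUN_EXAMPLE guard and the DRY_RUN mode are assumptions of the example; the rule itself is the one from the report.

```shell
#!/bin/sh
# Added example, not code from the bug report: verify the connlimit match
# extension is installed before adding the FORWARD rule from the report.
# IPTABLES_LIBDIR, the library names, RUN_EXAMPLE and DRY_RUN are assumptions.

IPTABLES_LIBDIR="${IPTABLES_LIBDIR:-/lib64/iptables}"

# Return 0 if a connlimit extension object exists in the given directory.
# 1.3.x shipped per-family libipt_* objects; later releases ship libxt_*.
connlimit_available() {
    dir="$1"
    for name in libxt_connlimit.so libipt_connlimit.so; do
        if [ -f "$dir/$name" ]; then
            return 0
        fi
    done
    return 1
}

# Add the rule from the report, or refuse with exit status 2 when the
# extension is missing. With DRY_RUN=1 (the default here) the iptables
# command is echoed instead of executed, so this runs without root.
add_connlimit_rule() {
    dir="$1"
    if ! connlimit_available "$dir"; then
        echo "connlimit match extension not found in $dir; rule not added" >&2
        return 2
    fi
    rule="-A FORWARD -p tcp --dport 0:65535 --syn -m connlimit --connlimit-above 50 --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $rule"
    else
        # shellcheck disable=SC2086  # word splitting of $rule is intended
        iptables $rule
    fi
}

# Usage: RUN_EXAMPLE=1 sh connlimit_check.sh  (DRY_RUN=0 to really apply it)
if [ "${RUN_EXAMPLE:-0}" = "1" ]; then
    add_connlimit_rule "$IPTABLES_LIBDIR"
fi
```

Run against a 1.3.8 install that lacks the object, the function exits with status 2 and prints the directory it searched; on a build that ships libxt_connlimit.so it prints (or, with DRY_RUN=0, applies) the rule unchanged.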
OK, so according to the bugzilla entry at bugzilla.netfilter.org (now it is down), this is an extension which was maintained externally to the netfilter team.
This extension is still in the svn but is not included in the 1.3.8 package. I did not try whether it is working or not.
The connlimit module is not part of the iptables 1.3.8 tarball. The link you provided is a reference for the libxt_connlimit module, which was added to the repository some weeks ago.
I am sorry, but there is no connlimit support at the moment. Closing as
"CANTFIX" for now.
There should be a new iptables version soon.