Description of problem: See https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=515
Additional info: Also applies to FC5.
Please have a look at iptables-1.3.8-2.fc6 in the testing tree.
I do not see any new iptables in updates-testing: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/ nor for i386 at this time.
The package has been in testing for some time now - pushing to final.
I have this version of iptables now, but there is now NO connlimit at all.
    iptables -A FORWARD -p tcp --dport 0:65535 --syn -m connlimit --connlimit-above 50 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
    iptables v1.3.8: Couldn't load match `connlimit':/lib64/iptables/libipt_connlimit.so: cannot open shared object file: No such file or directory
OK, so according to the bugzilla entry at bugzilla.netfilter.org (now it is down), this is an extension which was maintained externally to the netfilter team. This extension is still in the svn http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/iptables/extensions/libxt_connlimit.c?rev=7015&view=log but is not included in the 1.3.8 package. I did not try whether it is working or not.
The connlimit module is not part of the iptables 1.3.8 tarball. The link you provided is a reference for the libxt_connlimit module, which was added to the repository some weeks ago. I am sorry, but there is no connlimit support at the moment. Closing as "CANTFIX" for now. There should be a new iptables version soon.