Bug 222116 - connlimit filter doesn't work in 1.3.5 version of iptables
Product: Fedora
Classification: Fedora
Component: iptables
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
Reported: 2007-01-10 09:59 EST by Adam Pribyl
Modified: 2007-11-30 17:11 EST (History)
Doc Type: Bug Fix
Last Closed: 2007-09-24 10:51:20 EDT
Description Adam Pribyl 2007-01-10 09:59:15 EST
Description of problem:
See https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=515

Additional info:
Also applies to FC5.
Comment 1 Thomas Woerner 2007-08-29 10:49:15 EDT
Please have a look at iptables-1.3.8-2.fc6 in the testing tree.
Comment 2 Adam Pribyl 2007-08-29 12:17:57 EDT
I do not see any new iptables in updates-testing:
nor for i386 at this time.
Comment 3 Thomas Woerner 2007-09-10 04:48:19 EDT
The package was in testing now for some time - pushing to final.
Comment 4 Adam Pribyl 2007-09-21 17:05:55 EDT
I have this version of iptables now, but there is now NO connlimit at all.

iptables -A FORWARD -p tcp --dport 0:65535 --syn -m connlimit --connlimit-above 50 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
iptables v1.3.8: Couldn't load match `connlimit':/lib64/iptables/libipt_connlimit.so: cannot open shared object file: No such file or directory
Comment 5 Adam Pribyl 2007-09-21 17:18:05 EDT
OK, so according to the bugzilla entry at bugzilla.netfilter.org (now it is down)
this is an extension which was maintained externally to the netfilter team.

This extension is still in the svn
but is not included in the 1.3.8 package. I did not try whether it is working or not.
Comment 6 Thomas Woerner 2007-09-24 10:51:20 EDT
The connlimit module is not part of the iptables 1.3.8 tarball. The link you
provided is a reference for the libxt_connlimit module, which was added to the
repository some weeks ago.

I am sorry, but there is no connlimit support at the moment. Closing as
"CANTFIX" for now.

There should be a new iptables version soon.
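
Added example, not part of the bug thread or of iptables itself: a rule whose match extension cannot be loaded is never installed, so a pre-flight check can list the `-m` matches in a rules file that have no shared object in the extension directory. The function name `missing_matches`, the rules file and the temporary directories are constructed for illustration; only explicit `-m`/`--match` names are checked, against the `libipt_`/`libxt_` file names that appear in the thread.

```shell
#!/bin/sh
# Added example: pre-flight check for iptables match extensions.

# missing_matches RULES_FILE [EXT_DIR]
# Prints each match name used with -m/--match that has no shared object in
# EXT_DIR (one per line). Returns 1 if anything is missing, 0 otherwise.
missing_matches() {
    rules=$1
    extdir=${2:-/lib64/iptables}   # directory taken from the error message
    rc=0
    # Collect the word after every -m or --match, skipping comment lines.
    names=$(awk '
        /^[[:space:]]*#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i == "-m" || $i == "--match") print $(i + 1)
        }' "$rules" | sort -u)
    for name in $names; do
        # An extension is shipped as libipt_<name>.so or libxt_<name>.so.
        if [ ! -e "$extdir/libipt_$name.so" ] && [ ! -e "$extdir/libxt_$name.so" ]; then
            echo "$name"
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed rules file and a constructed extension directory
# that contains the state match but not connlimit.
demo=$(mktemp -d)
cat > "$demo/rules" <<'EOF'
# constructed sample rules
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp --syn -m connlimit --connlimit-above 50 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
EOF
mkdir "$demo/ext"
: > "$demo/ext/libipt_state.so"
missing_matches "$demo/rules" "$demo/ext" ||
    echo "some rules would fail to load; the limits they express are not enforced" >&2
rm -rf "$demo"
```

Run it against the real rules file and extension directory before applying a ruleset, and treat a non-zero return as a failed deployment rather than a warning.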
