Bug 522000 - [RFE ] Connlimit kernel module support [rhel-4.9]
Summary: [RFE ] Connlimit kernel module support [rhel-4.9]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.9
Hardware: All
OS: Linux
urgent
high
Target Milestone: rc
: ---
Assignee: Jiri Pirko
QA Contact: Evan McNabb
URL:
Whiteboard:
Depends On: 483588 525132
Blocks: 563222 563223
TreeView+ depends on / blocked
 
Reported: 2009-09-09 03:07 UTC by Eugene Teo (Security Response)
Modified: 2015-05-05 01:17 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of: 483588
Environment:
Last Closed: 2011-02-16 15:43:45 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0263 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 4.9 kernel security and bug fix update 2011-02-16 15:14:55 UTC

Description Eugene Teo (Security Response) 2009-09-09 03:07:30 UTC
+++ This bug was initially created as a clone of Bug #483588 +++

Support for connlimit in the kernel was added in Red Hat Enterprise Linux 5 via the advisory RHSA-2009:1243. This bug was filed to ensure that we also provide support for connlimit on Red Hat Enterprise Linux 4.

# cat /etc/redhat-release 
Red Hat Enterprise Linux AS release 4 (Nahant Update 8)
# uname -rm
2.6.9-89.7.EL i686
# iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 15 -j REJECT
iptables: No chain/target/match by that name

http://linux.chinaunix.net/bbs/viewthread.php?tid=793083###

AFAIK, the iptables package has support for connlimit, but the kernel needs to provide the required module in order for this feature to work.

This is related to bug 483588.

We will need this in 4.8.z as well.

Comment 2 Jiri Pirko 2009-09-23 14:10:50 UTC
depends on iptables package simple change.

Comment 11 Vivek Goyal 2010-04-05 19:31:01 UTC
Committed in 89.22.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/

Comment 17 errata-xmlrpc 2011-02-16 15:43:45 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0263.html


Note You need to log in before you can comment on or make changes to this bug.