From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.54) id 1FRII0-0008Qq-8F for garchives@archives.gentoo.org; Thu, 06 Apr 2006 00:23:56 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.6/8.13.5) with SMTP id k360Msu1015560; Thu, 6 Apr 2006 00:22:54 GMT Received: from wshe.lodz.pl (epipe.wshe.lodz.pl [194.42.117.5]) by robin.gentoo.org (8.13.6/8.13.5) with SMTP id k360B2Sa032023 for ; Thu, 6 Apr 2006 00:11:03 GMT Received: (qmail 25979 invoked by uid 2660); 6 Apr 2006 00:11:02 -0000 Received: from localhost (HELO ?83.10.9.51?) (127.0.0.1) by localhost with SMTP; 6 Apr 2006 00:11:01 -0000 Message-ID: <44345C97.4040405@mala.aluzja.net> Date: Thu, 06 Apr 2006 02:11:03 +0200 From: Mariusz Zalewski User-Agent: Thunderbird 1.5 (Windows/20051201) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: [gentoo-user] Connlimit (iptables) Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: 7bit X-Anti-Virus: Kaspersky Anti-Virus for MailServers 5.5.3/RELEASE, bases: 06042006 #175182, status: clean X-Archives-Salt: bc4fe4ce-49f0-47a2-8296-8dce21abcf3e X-Archives-Hash: cdec091304541781df92ed6d640ec5a3 Hello. I have problem with connlimit module for iptables. ~ # uname -r 2.6.15-gentoo-r1 ~ # grep -i match_limit /usr/src/linux/.config CONFIG_IP_NF_MATCH_LIMIT=m ~ # lsmod | grep limit ipt_limit 2240 2 ~ # iptables -V iptables v1.3.4 ~ # equery uses iptables [ Searching for packages matching iptables... ] [ Colour Code : set unset ] [ Legend : Left column (U) - USE flags from make.conf ] [ : Right column (I) - USE flags packages was installed with ] [ Found these USE variables for net-firewall/iptables-1.3.4 ] U I + + extensions : Enable support for 3rd patch-o-matic extensions - - ipv6 : Adds support for IP version 6 - - static : !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically --- end of code ... and finally: ~ # iptables -I OUTPUT -m connlimit --connlimit-above 50 -j DROP iptables: No chain/target/match by that name There is different error information in newer version (1.3.5) of iptables: Code: ~ # iptables -I OUTPUT -m connlimit --connlimit-above 50 -j DROP iptables: Unknown error 4294967295 Other rules added to OUTPUT chain works fine, only connlimit produce errors. Is it a bug (should I send it on bugtrack) or there is something wrong with my system or bad syntax with using connlimit? -- Best regards, MZ -- gentoo-user@gentoo.org mailing list