waster
Joined: 18 Mar 2008
Posts: 4
Posted: Thu Mar 20, 2008 8:53 am    Post subject: iptables+connlimit
Hello,
I was playing with iptables and suddenly had a problem.
I've tried to add the following rule to limit the number of connections to port 80:
-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -j REJECT
and get the following error in /var/log/messages:
kernel: ip_tables: connlimit match: invalid size 32 != 16
I do zcat /proc/config.gz | grep -i connlimit and get CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y, so connlimit is supported by the kernel?
Is it possible to load the connlimit iptables module, or is it a bug?
OS: Debian 4.0
IPTables: 1.3.6.0
Stever
Joined: 07 Dec 2007
Posts: 41
Location: NC, USA
Posted: Thu Mar 20, 2008 1:12 pm
I have seen messages sorta like that when iptables was built against a different kernel than that which is running. I don't know which distro you are using, but that may be the direction to start looking.
waster
Joined: 18 Mar 2008
Posts: 4
Posted: Thu Mar 20, 2008 3:07 pm
iptables was installed using apt-get, so I think the problem is not in compatibility.
Jay
Joined: 14 Nov 2004
Posts: 125
Location: NC, USA
Posted: Thu Mar 20, 2008 7:31 pm
waster wrote: IPtables was installed using apt-get, so I think the problem is not in compatibility.
Actually, it very well could be.
Linodes use custom-built kernels, not the "standard" kernel.
dswartz
Joined: 18 Feb 2008
Posts: 11
Posted: Mon Mar 24, 2008 1:20 pm    Post subject: sounds like a compatibility issue
The size 32 != 16 sounds like one piece wants a shortword and the other a longword. A sanity check, in other words...
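The sanity check Stever, Jay and dswartz are pointing at, as an added example (my code, not anything posted in the thread): iptables serialises each -m match into a fixed-size struct and hands it to the kernel, and the kernel refuses the rule when that blob size differs from the sizeof of the struct it was compiled with, which is exactly the "invalid size 32 != 16" line. The two struct layouts below are reconstructed from memory of the patch-o-matic ipt_connlimit.h that iptables 1.3.x userspace carried and the xt_connlimit.h that entered Linux 2.6.23; treat the exact field lists as an assumption. The function names, the message buffer and the hard-coded 16 for the userspace side (a 32-bit Debian etch build) are mine.

```c
/* Added example, not code from the thread or from iptables/netfilter.
 * Shows where "connlimit match: invalid size 32 != 16" comes from:
 * userspace and kernel disagree on sizeof(connlimit match struct). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed old userspace layout (iptables 1.3.x, patch-o-matic ipt_connlimit):
 * 16 bytes on a 32-bit build, the "16" in the log line. */
struct ipt_connlimit_data;
struct ipt_connlimit_info {
    int limit;
    int inverse;
    uint32_t mask;
    struct ipt_connlimit_data *data;
};

/* Assumed in-kernel layout from 2.6.23 onward (xt_connlimit): 32 bytes on
 * both 32- and 64-bit because of the IPv6 mask union and the aligned pointer,
 * the "32" in the log line. */
struct xt_connlimit_data;
struct xt_connlimit_info {
    union {
        uint32_t v4_mask;
        uint32_t v6_mask[4];
    };
    unsigned int limit, inverse;
    struct xt_connlimit_data *data __attribute__((aligned(8)));
};

size_t userspace_connlimit_size(void) { return sizeof(struct ipt_connlimit_info); }
size_t kernel_connlimit_size(void)    { return sizeof(struct xt_connlimit_info); }

/* Last message the simulated kernel would have logged (empty when accepted). */
static char last_msg[128];

/* Mirrors the kernel's size check on a match: returns 1 if the rule would be
 * accepted, 0 if it would be rejected with the same message as in the thread
 * (kernel's expected size first, userspace's size second). The real kernel
 * also rounds its own sizeof with XT_ALIGN; that is a no-op for 32. */
int connlimit_match_size_ok(size_t kernel_size, size_t userspace_size)
{
    if (kernel_size != userspace_size) {
        snprintf(last_msg, sizeof last_msg,
                 "ip_tables: connlimit match: invalid size %zu != %zu",
                 kernel_size, userspace_size);
        return 0;
    }
    last_msg[0] = '\0';
    return 1;
}

const char *connlimit_last_message(void) { return last_msg; }

int main(void)
{
    /* Constructed scenario from the thread: 32-bit Debian etch iptables 1.3.6
     * (16-byte struct, hard-coded so the demo reads the same on x86-64, where
     * the old struct would be 24 bytes) against a 2.6.23+ kernel. */
    size_t k = kernel_connlimit_size();
    size_t u = 16;
    printf("kernel struct: %zu bytes, userspace struct: %zu bytes\n", k, u);
    if (!connlimit_match_size_ok(k, u))
        printf("kernel: %s\n", connlimit_last_message());

    /* iptables rebuilt against the running kernel's headers: sizes agree. */
    printf("rebuilt iptables accepted: %d\n", connlimit_match_size_ok(k, k));
    return 0;
}
```

Compile with gcc and run. The old struct comes out at 16 bytes only on a 32-bit build (24 on x86-64), which is why the reproduction feeds 16 explicitly; the kernel-side struct is 32 either way. The practical reading is the one Stever gave: the userspace extension and the kernel's xt_connlimit were built from different headers, and apt-get does not protect against that when the running kernel is not the distro's.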