On Tue, 08 Mar 2005 00:42:01 +0100 Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]> you wrote:
>
> > server# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 3 -j REJECT --reject-with tcp-reset
>
> Have you tried:
>
> iptables -m connlimit -h
>
> does it show the connlimit options?
>
> BTW: my iptables manpage knows about -m connrate --connrate <from>:<to>,
> but it is clearly not available on my system.
>
> Perhaps it is easiest if you strace the command. Also try to skip single
> parameters (like --reject-with tcp-reset)
>

server# iptables -m connlimit -h
connlimit v1.2.11 options:
[!] --connlimit-above n    match if the number of existing tcp connections is (not) above n
 --connlimit-mask n        group hosts using mask

server# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 3 -j REJECT
iptables: No chain/target/match by that name

I use plain sarge (no patches, default kernel, default iptables)

--
Best regards,
Minta Adrian