On Tue, 10 Oct 2006, Amos Shapira wrote:

> Date: Tue, 10 Oct 2006 22:25:05 +1000
> From: Amos Shapira <[EMAIL PROTECTED]>
> To: linux-il <linux-il@linux.org.il>
> Subject: Re: Limiting the number of simultaneous HTTP connection per IP
>
> On 10/10/06, Sagi Bashari <[EMAIL PROTECTED]> wrote:
> >
> > [EMAIL PROTECTED]:~# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 3 -j REJECT
> > iptables: No chain/target/match by that name
> >
>
> Trying this command on my Debian Etch I get:
>
> $ sudo iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 3 -j REJECT
> iptables: Unknown error 4294967295
>
> This is with iptables 1.3.5.0debian1-1
>
> I'm beginning to suspect that this module isn't well debugged - google
> around for these error messages.

please note that with iptables, there are 2 modules for each "extra module" - a shared library, to handle the user-space part (recognizing command line options and preparing rules to inject into the kernel), and a kernel module, to handle the actual filtering.

it is possible that you have the user-space shared library (what you saw under /lib/iptables/...), but you lack the matching kernel module.

--
guy

"For world domination - press 1,
 or dial 0, and please hold, for the creator." -- nob o. dy
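
Added example (not part of the original message): a shell check that reports which of the two halves described above is missing for a given match. The file names (libipt_/libxt_ shared libraries, ipt_/xt_ kernel modules) and the default paths are assumptions about a typical install and may differ on your system.

```shell
#!/bin/sh
# Added example: check both halves of an iptables match extension.
# All default paths and file-name patterns below are assumptions.

# has_userspace_ext NAME LIBDIR: is the user-space shared library present?
has_userspace_ext() {
    for f in "$2/libipt_$1.so" "$2/libxt_$1.so"; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# has_kernel_match NAME MODDIR PROCFILE: can the kernel provide the match?
has_kernel_match() {
    # Already registered in the running kernel (built in or loaded)?
    [ -r "$3" ] && grep -qxF "$1" "$3" && return 0
    # Otherwise look for a loadable module file under the module tree.
    [ -d "$2" ] || return 1
    found=$(find "$2" \( -name "ipt_$1.ko*" -o -name "xt_$1.ko*" \) 2>/dev/null | head -n 1)
    [ -n "$found" ]
}

# diagnose_match NAME [LIBDIR] [MODDIR] [PROCFILE]
# Prints one of: ok, kernel-missing, userspace-missing, both-missing
diagnose_match() {
    name=$1
    libdir=${2:-/lib/iptables}
    moddir=${3:-/lib/modules/$(uname -r)}
    procfile=${4:-/proc/net/ip_tables_matches}
    if has_userspace_ext "$name" "$libdir"; then u=yes; else u=no; fi
    if has_kernel_match "$name" "$moddir" "$procfile"; then k=yes; else k=no; fi
    case "$u/$k" in
        yes/yes) echo "ok" ;;
        yes/no)  echo "kernel-missing" ;;
        no/yes)  echo "userspace-missing" ;;
        *)       echo "both-missing" ;;
    esac
}

# Run as: sh check.sh connlimit
[ $# -eq 0 ] || diagnose_match "$@"
```

A result of kernel-missing corresponds to the situation described in the reply: the library that parses `-m connlimit` is installed, but the kernel has no matching module to do the filtering.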