From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lakostis@unsafe.ru>
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on sa.int.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_00 autolearn=ham
	version=3.2.4
Date: Thu, 19 Jun 2008 02:13:18 +0400
From: "Konstantin A. Lepikhov" <lakostis@unsafe.ru>
To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
Message-ID: <20080618221318.GC15334@lks.home>
References: <ce85d6f40806171811p41320144u3bcd023895e8deb7@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <ce85d6f40806171811p41320144u3bcd023895e8deb7@mail.gmail.com>
X-Operation-System: ALT Linux Sisyphus (20071221) 2.6.26-wks-pae-alt0.4
User-Agent: Mutt/1.5.17 (2007-11-01)
Subject: Re: [Sysadmins] iptables connlimit
X-BeenThere: sysadmins@lists.altlinux.org
X-Mailman-Version: 2.1.10b3
Precedence: list
Reply-To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
List-Id: ALT Linux sysadmin discuss <sysadmins.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sysadmins>
List-Post: <mailto:sysadmins@lists.altlinux.org>
List-Help: <mailto:sysadmins-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jun 2008 22:13:27 -0000
Archived-At: <http://lore.altlinux.org/sysadmins/20080618221318.GC15334@lks.home/>
List-Archive: <http://lore.altlinux.org/sysadmins/>

Hi JaMm!

Wednesday 18, at 12:11:35 PM you wrote:

> Здравствуйте!
> Система altlinux server 4.0.1
> 2.6.18-ovz-smp-alt14 #1 SMP Wed May 2 15:41:15 MSD 2007 i686 GNU/Linux
> iptables-1.3.7-alt1
> пытаюсь применить правило вида
> $IPTABLES -A INPUT -i eth0 -p tcp --syn --dport 25 -m connlimit
> --connlimit-above 2 -j REJECT
> получаю
> iptables: No chain/target/match by that name
> Возможно нет необходимого модуля ipt_limit, но как его скомпилировать и
> подгрузить в ядро без пересборки? Есть способ?
> 
> Module Size Used by
> xt_limit 3840 0
> xt_comment 2944 5
> ipt_ttl 2944 0
> ipt_TCPMSS 5248 0
> ipt_tos 2688 0
> ipt_REJECT 6400 0
> ipt_REDIRECT 3200 1
> iptable_nat 10884 1
> ip_nat 19856 3 vzrst,ipt_REDIRECT,iptable_nat
> iptable_mangle 5760 0
> ipt_hashlimit 10120 1
> xt_tcpudp 4224 5
> xt_state 3328 2
> ip_conntrack 61252 5 vzrst,vzcpt,iptable_nat,ip_nat,xt_state
> nfnetlink 7960 2 ip_nat,ip_conntrack
> xt_multiport 4480 1
> iptable_filter 5632 1
> ip_tables 15592 3 iptable_nat,iptable_mangle,iptable_filter
> x_tables 17156 13
> xt_limit,xt_comment,ipt_ttl,ipt_TCPMSS,ipt_tos,ipt_REJECT,ipt_REDIRECT,iptable_nat,ipt_hashlimit,xt_tcpudp,xt_state,xt_multiport,ip_tables
> dm_mod 57368 0
> 
> В /lib/modules ipt_limit то же нет.
> И что за модуль за такой xt_limit?
В бранче тухлые iptables, которые не знают вообще про connlimit. Вариант -
пересобрать новые iptables из сизифа, или собрать самому.

-- 
WBR et al.