* [bug-report] netfilter extensions iplimit mod bugs.
@ 2003-07-14 3:27 yh
2003-07-16 16:59 ` Harald Welte
0 siblings, 1 reply; 2+ messages in thread
From: yh @ 2003-07-14 3:27 UTC (permalink / raw)
To: netfilter-devel
Hi guys,
I downloaded the netfilter extensions via CVS yesterday. The iplimit code has a bug at line 214 in linux/net/ipv4/netfilter/ipt_connlimit.c:
static struct ipt_match connlimit_match
= { { NULL, NULL }, "connlimit", &match, &check, &destroy, THIS_MODULE };
Notice the "connlimit"; it should be "iplimit". I don't know when it was changed, but the userspace tool iptables hasn't changed yet, so when you type "iptables -A INPUT -p tcp --syn --dport http -m iplimit --iplimit-above 4 -j REJECT", the result is "Invalid command." :)
I changed "connlimit" to "iplimit" and recompiled the kernel; it's OK now. ;)
By the way, I want to know when netfilter will work well in kernel 2.5.*? Until the 2.6 release? (Yesterday I compiled kernel 2.5.74 with netfilter built in, but iptables reports "no 'filter' table in kernel".)
-------------
Thanks to all the guys who work for the netfilter project.
* Re: [bug-report] netfilter extensions iplimit mod bugs.
From: Harald Welte @ 2003-07-16 16:59 UTC (permalink / raw)
To: yh; +Cc: netfilter-devel
On Mon, Jul 14, 2003 at 11:27:28AM +0800, yh wrote:
> Hi guys,
>
> I downloaded the netfilter extensions via CVS yesterday. The iplimit code has a bug at line 214 in linux/net/ipv4/netfilter/ipt_connlimit.c:
>
> static struct ipt_match connlimit_match
> = { { NULL, NULL }, "connlimit", &match, &check, &destroy, THIS_MODULE };
>
> Notice the "connlimit"; it should be "iplimit". I don't know
> when it was changed, but the userspace tool iptables hasn't changed
> yet, so when you type "iptables -A INPUT -p tcp --syn --dport http -m
> iplimit --iplimit-above 4 -j REJECT", the result is "Invalid
> command." :)
>
> I changed "connlimit" to "iplimit" and recompiled the kernel; it's OK now. ;)
It seems like your userspace iptables is out of date.. (i.e. using an
old iptables version with a very recent patch-o-matic). The solution is
to upgrade your iptables program, rather than patching anything.
> By the way, I want to know when netfilter will work well in kernel
> 2.5.*? Until the 2.6 release? (Yesterday I compiled kernel 2.5.74 with
> netfilter built in, but iptables reports "no 'filter' table in
> kernel".)
Well, at least with 2.5.70 and 2.5.72 (the last version I've tried) it
was working.
Did you try to recompile the iptables userspace program?
> Thanks to all the guys who work for the netfilter project.
--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
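
Added example, not part of the original thread or of netfilter's code: a shell check for the mismatch discussed above, where the match name the kernel registers ("connlimit") has no counterpart among the userspace iptables extensions ("iplimit"). It assumes the kernel's match names are available one per line (on kernels that provide it, /proc/net/ip_tables_matches) and that extensions are installed as libipt_NAME.so or libxt_NAME.so; both function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Kernel match names that have no userspace extension library.
# $1: file with one kernel match name per line (assumed source on a live
#     system: /proc/net/ip_tables_matches)
# $2: iptables extension directory (assumed layout: libipt_NAME.so / libxt_NAME.so)
missing_userspace_matches() {
    names_file=$1; ext_dir=$2
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if [ ! -e "$ext_dir/libipt_$name.so" ] && [ ! -e "$ext_dir/libxt_$name.so" ]; then
            printf '%s\n' "$name"
        fi
    done < "$names_file" | sort -u
}

# Userspace match extensions whose name the kernel does not register.
orphaned_userspace_matches() {
    names_file=$1; ext_dir=$2
    for lib in "$ext_dir"/libipt_*.so "$ext_dir"/libxt_*.so; do
        [ -e "$lib" ] || continue            # an unmatched glob stays literal
        name=${lib##*/}; name=${name#lib*_}; name=${name%.so}
        case $name in
            *[A-Z]*|standard) continue ;;    # heuristic: upper-case libs are targets
        esac
        grep -qxF -- "$name" "$names_file" || printf '%s\n' "$name"
    done | sort -u
}

# Constructed sample reproducing the thread: new kernel patch, old userspace.
demo() {
    d=$(mktemp -d)
    printf '%s\n' connlimit state tcp > "$d/kernel_matches"
    mkdir "$d/ext"
    touch "$d/ext/libipt_iplimit.so" "$d/ext/libipt_state.so" \
          "$d/ext/libipt_tcp.so" "$d/ext/libipt_REJECT.so"
    echo "kernel-only:    $(missing_userspace_matches "$d/kernel_matches" "$d/ext")"
    echo "userspace-only: $(orphaned_userspace_matches "$d/kernel_matches" "$d/ext")"
    rm -rf "$d"
}
demo
```

A name that shows up as kernel-only next to a similar userspace-only name points at the version skew described in the reply, which is resolved by upgrading the iptables program rather than editing the kernel source.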