Mailinglist Archive: opensuse-kernel (34 mails)
| < Previous | Next > |
[opensuse-kernel] kernel update --> problem iptables connlimit
- From: Andre Hübner <andre.huebner@xxxxxx>
- Date: Thu, 19 Mar 2009 10:58:20 +0100
- Message-id: <5DCD977A82FF4E9BBE81EA6CA426605F@xxxxxxxxx>
Hello,
i try to build latest kernel-bigsmp for suse 10.3 on my own. (I build on suse 10.1 for testing purposes)
kernel source is this:
http://www.linux-magazin.de/dfn_cert_advisories/suse_schwachstellen_im_opensuse_10_3_kernel_suse_sa_2009_004
I do an unrpm and build on my own, spec-File for RPM is unchanged.
I also had to update some other packages but building, installing, running is ok but now i have an Problem with iptables and connlimit modul.
I add an Chain with:
iptables -N MY_TESTCHAIN
and want to restrict a port to max connlimit with:
iptables -A MY_TESTCHAIN -p tcp --dport 25 -m connlimit --connlimit-above 500 -j DROP
execution shows:
iptables: No chain/target/match by that name
iptables has connlimit-support
Files exists:
/usr/lib/iptables/libxt_connbytes.so
/usr/lib/iptables/libxt_connmark.so
/usr/lib/iptables/libxt_connlimit.so
/usr/lib/iptables/libipt_conntrack.so
and execution of:
iptables -m connlimit -h
also works and connlimit works with further kernel.
I do not really know the corresponding kernel-modul which should be activated. (and how ;) ) Seems not to be included by default?
any suggestions/workaround?
What should i do now?
Thanks,
Andre
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-kernel+help@xxxxxxxxxxxx
i try to build latest kernel-bigsmp for suse 10.3 on my own. (I build on suse 10.1 for testing purposes)
kernel source is this:
http://www.linux-magazin.de/dfn_cert_advisories/suse_schwachstellen_im_opensuse_10_3_kernel_suse_sa_2009_004
I do an unrpm and build on my own, spec-File for RPM is unchanged.
I also had to update some other packages but building, installing, running is ok but now i have an Problem with iptables and connlimit modul.
I add an Chain with:
iptables -N MY_TESTCHAIN
and want to restrict a port to max connlimit with:
iptables -A MY_TESTCHAIN -p tcp --dport 25 -m connlimit --connlimit-above 500 -j DROP
execution shows:
iptables: No chain/target/match by that name
iptables has connlimit-support
Files exists:
/usr/lib/iptables/libxt_connbytes.so
/usr/lib/iptables/libxt_connmark.so
/usr/lib/iptables/libxt_connlimit.so
/usr/lib/iptables/libipt_conntrack.so
and execution of:
iptables -m connlimit -h
also works and connlimit works with further kernel.
I do not really know the corresponding kernel-modul which should be activated. (and how ;) ) Seems not to be included by default?
any suggestions/workaround?
What should i do now?
Thanks,
Andre
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-kernel+help@xxxxxxxxxxxx
| < Previous | Next > |