iptables connlimit problem

[jmsykim]

Hi,
I installed the CentOS4.4 (2.4.9-42.EL) and set up the iptables.

However I got a problem in the following:

# iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP
the error:
iptables: No chain/target/match by that name

Is there anything wrong? I think not in the sentence.

And, If I execute:
# iptables -m connlimit -h
....
connlimit v1.2.11 options:
[!] --connlimit-above n match if the number of existing tcp connections is (not) above n
--connlimit-mask n group hosts using mask

It means the connlimit is available in the system.

Can anybody help me, please?

[gmin1004]

Hi...

CentOS can't support iptables connlimit modules.

If you wanna use connlimit module, you have to upgrade kernel >= 2.6.29

And you have to choose some feature in menuconfig...