OpenWrt Forum Archive

Topic: iptables connlimit match doesn't work?

The content of this topic has been archived on 14 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

I spent the last two days trying to get the iptables connlimit match working. By default, OpenWrt compiles it as a module:

CONFIG_IP_NF_MATCH_CONNLIMIT=m

Trying to insmod it, the program returns an error about the ip_conntrack_find_get symbol not being found. I searched in the kernel; it should get exported by ip_conntrack_standalone, but the error remains if I set connlimit to be compiled into the kernel:

iptables -I INPUT 1 -p tcp --syn --dport 80 -m connlimit --connlimit-above 2 -j REJECT
iptables: No chain/target/match by that name

Doing an strace on that command, libipt_connlimit.so gets loaded successfully, so I am stuck as of now :(

Any ideas? Sorry for my bad English,

jopi

This is the .so part.
You need the kernel part in /lib/modules/linux-version/netfilter, named .o.

insmod connlimit SHOULD NOT bring up symb link errors. This means the module has relations which are not solved.

Because you have no working kernel netlimit.o file loaded, your iptables rule fails with that no target error.

Try to fix your connlimit relationship :)
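The userspace/kernel split described in the reply above can be checked directly on the router; the following is an added example, not part of the original posts. It assumes a 2.4-era kernel that exposes registered matches in /proc/net/ip_tables_matches and exported symbols in /proc/ksyms; the function names and result strings are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: tell apart "match module not loaded" from "module cannot
# load because a symbol it needs is not exported". File paths are arguments
# so the logic can be exercised on constructed data.

# match_registered NAME [FILE]: is the kernel side of the match registered?
match_registered() {
    grep -qxF "$1" "${2:-/proc/net/ip_tables_matches}" 2>/dev/null
}

# symbol_exported SYMBOL [FILE]: ksyms lines look like
#   "c01a2b30 ip_conntrack_find_get_R3f1c9a7e  [ip_conntrack]"
# The _R<hex> suffix (symbol versioning) is stripped before comparing.
symbol_exported() {
    awk -v s="$1" '{ sub(/_R[0-9a-f]+$/, "", $2); if ($2 == s) found = 1 }
                   END { exit !found }' "${2:-/proc/ksyms}" 2>/dev/null
}

# diagnose MATCH SYMBOL [MATCHES_FILE] [SYMS_FILE]
diagnose() {
    if match_registered "$1" "$3"; then
        echo "kernel-match-registered"   # kernel side is fine; look elsewhere
    elif symbol_exported "$2" "$4"; then
        echo "module-not-loaded"         # dependency present; insmod the match
    else
        echo "missing-symbol-provider"   # load/fix the exporting module first
    fi
}

# Constructed sample mirroring the first post: connlimit is not registered
# and ip_conntrack_find_get is not among the exported symbols.
demo() {
    d=$(mktemp -d) || return 1
    printf 'state\ntcp\nudp\nicmp\n' > "$d/matches"
    printf 'c01a2b30 ip_conntrack_get_R1b7d4074\t[ip_conntrack]\n' > "$d/ksyms"
    diagnose connlimit ip_conntrack_find_get "$d/matches" "$d/ksyms"
    rm -rf "$d"
}
demo
```

On a live system, calling `diagnose connlimit ip_conntrack_find_get` with no file arguments reads the /proc files named above.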

The discussion might have continued from here.