Thank you for your answer,
When you write -p tcp, iptables automatically adds -m tcp.
I looked at the kernel messages with dmesg but couldn't find any log
about this.
Is there anybody successfully using the connlimit extension?
Hakan
----- Message from jch@(protected) ---------
Date: Mon, 28 Apr 2008 17:37:10 +0100
From: John Haxby <jch@(protected)>
Reply-To: "Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list"
<rhelv5-list@(protected)>
Subject: Re: [rhelv5-list] iptables unknown error with connlimit module
To: "Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list"
<rhelv5-list@(protected)>
> Hakan VELIOGLU wrote:
>> Hi list,
>>
>> Why does the iptables command below always give an Unknown error? Does
>> anybody have a solution?
>>
>> [root@(protected)
>> --connlimit-above 16 --connlimit-mask 24 -j REJECT
>> iptables: Unknown error 4294967295
>> [root@(protected) ~]#
>>
>
> "dmesg" will give you a more meaningful error message ... but in this
> particular case you're using options for the tcp matching extension
> without specifying the module. You want
>
> iptables -A INPUT -p tcp -m tcp --syn --dport 80 ...
>
> jch
>
> _______________________________________________
> rhelv5-list mailing list
> rhelv5-list@(protected)
> https://www.redhat.com/mailman/listinfo/rhelv5-list
>
----- End message from jch@(protected) -----