Weblog entry #1 for Jaffster

Iptables -limit
Posted by Jaffster on Wed 23 Jan 2008 at 18:49
Tags: none.
When I find out what I am doing wrong, I am probably gonna smack myself over the head, but I am stuck here.

I installed Debian etch.... updated all... no worries
Configured all I needed.... no worries there....
Then installed my firewall script... now here the shit hit the fan....
On my webserver rules I use the --limit and --limit-burst options, but iptables does not recognize these commands. It's because the ipt_limit module is not loaded.

Now how do I load this module?


Jaffster

 

Comments on this Entry

Posted by daemon (146.231.xx.xx) on Wed 23 Jan 2008 at 21:27

Using insmod or modprobe, just like any other module. However, it seems that ipt_limit is now only an alias for xt_limit, so you'd have to load xt_limit instead, to get the --limit functionality.

I guess the error message could be a little clearer about that...

Cheers
:wq


Posted by Anonymous (190.2.xx.xx) on Sat 8 Mar 2008 at 19:34
1. Which rule are you running exactly?
For example, a rule with --limit should look like this (try this one on your host):

iptables -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 3/second -j ACCEPT

2. Are you using a Debian kernel? Have you tried "modprobe xt_limit"?


Hope it helps

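A pre-flight check for the situation discussed in this thread, as an added example (not code from the original post or its commenters): it flags iptables rules in a firewall script that use --limit or --limit-burst without -m limit, the form shown in the comment above, and checks a /proc/modules listing for xt_limit. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for a firewall script that uses --limit.

# Print "LINE: rule" for each iptables rule that uses --limit or
# --limit-burst without loading the limit match (-m limit / --match limit).
find_limit_without_match() {
    awk '
        /^[ \t]*#/ { next }    # ignore comment lines
        /iptables/ && /--limit(-burst)?[ \t]/ {
            if ($0 !~ /(-m|--match)[ \t]+limit([ \t]|$)/)
                printf "%d: %s\n", NR, $0
        }
    ' "$1"
}

# Succeed if xt_limit (or the older ipt_limit name) appears in a
# /proc/modules-style listing. A match compiled into the kernel is never
# listed there, so a failure here is a hint, not proof.
limit_module_loaded() {
    awk '$1 == "xt_limit" || $1 == "ipt_limit" { found = 1 }
         END { exit !found }' "${1:-/proc/modules}"
}

# Constructed sample firewall script (not the rules from the original post).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# web server rules
iptables -A INPUT -p tcp --dport 80 --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 3/second -j ACCEPT
EOF

echo "Rules using --limit without -m limit:"
find_limit_without_match "$sample"

if limit_module_loaded; then
    echo "limit match module is loaded"
else
    echo "limit match module not listed; as root, try: modprobe xt_limit"
fi
```

Run it against your own firewall script by passing its path to find_limit_without_match in place of the sample file.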

Posted by mindmerge (70.166.xx.xx) on Wed 23 Jan 2008 at 23:02
You can go the insmod route or you can use a couple of cool tools provided by Debian packages. I use both...

apt-get install module-assistant modconf

module-assistant
http://packages.debian.org/etch/module-assistant

modconf
http://packages.debian.org/etch/modconf

