
Bug 589772

Summary: iptables gives erroneous response to connlimit commands
Product: Gentoo Linux
Reporter: Noah James McNallie <infinmed>
Component: Current packages
Assignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED NEEDINFO
Severity: normal
CC: jstein
Priority: Normal
Version: unspecified
Hardware: AMD64
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Noah James McNallie 2016-07-26 20:21:41 UTC
iptables gives an error to a generic connlimit command. The expected result is that the rule is added.

-- BEGIN PASTE --
[root@edge.tptp.cc][~]# uname -a
Linux edge.tptp.cc 4.4.8-hardened-r1 #9 SMP Mon Jul 25 22:36:44 EDT 2016 x86_64 Intel(R) Xeon(R) CPU 3060 @ 2.40GHz GenuineIntel GNU/Linux
[root@edge.tptp.cc][~]# iptables -A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit
iptables v1.4.21: You must specify "--connlimit-above" or "--connlimit-upto".
Try `iptables -h' or 'iptables --help' for more information.
[root@edge.tptp.cc][~]# iptables -A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 4
iptables: No chain/target/match by that name.
[root@edge.tptp.cc][~]# iptables -A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 4 --connlimit-mask 32 --connlimit-saddr -j DROP
iptables: No chain/target/match by that name.
-- END PASTE --

Comment 1 Jonas Stein gentoo-dev 2016-07-27 07:28:00 UTC
Thank you for the report.
It looks like a general problem with the program and probably a bug in the upstream source code. I cannot see a hint of a problem in the ebuild.

I will close the bug here.
Please reopen it if I am wrong or if you have more information.

I have had very good experiences on the Gentoo IRC [1] and Stack Exchange with questions like this. Of course, there are also forums and mailing lists. [3-4]

I hope you understand that I will therefore close the bug here, and I wish you good luck on one of the mentioned channels.

[1] https://www.gentoo.org/get-involved/irc-channels/
[2] http://unix.stackexchange.com/questions/tagged/gentoo?sort=votes&pageSize=15
[3] https://forums.gentoo.org/
[4] https://www.gentoo.org/get-involved/mailing-lists/all-lists.html