iptables gives an error to a generic connlimit command. The expected behavior is that the rule is added.

-- BEGIN PASTE --
[root@edge.tptp.cc][~]# uname -a
Linux edge.tptp.cc 4.4.8-hardened-r1 #9 SMP Mon Jul 25 22:36:44 EDT 2016 x86_64 Intel(R) Xeon(R) CPU 3060 @ 2.40GHz GenuineIntel GNU/Linux
[root@edge.tptp.cc][~]# iptables -A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit
iptables v1.4.21: You must specify "--connlimit-above" or "--connlimit-upto".
Try `iptables -h' or 'iptables --help' for more information.
[root@edge.tptp.cc][~]# iptables -A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 4
iptables: No chain/target/match by that name.
[root@edge.tptp.cc][~]# iptables -A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 4 --connlimit-mask 32 --connlimit-saddr -j DROP
iptables: No chain/target/match by that name.
-- END PASTE --

Thank you for the report. It looks like a general problem with the program and probably a bug in the upstream source code. I cannot see a hint of a problem in the ebuild. I will close the bug here. Please reopen it if I am wrong or if you have more information.

I have had very good experience on the Gentoo IRC [1] and Stack Exchange with questions like this. Of course there are also forums and mailing lists. [3-4] I hope you understand that I will therefore close the bug here, and I wish you good luck on one of the mentioned channels.

[1] https://www.gentoo.org/get-involved/irc-channels/
[2] http://unix.stackexchange.com/questions/tagged/gentoo?sort=votes&pageSize=15
[3] https://forums.gentoo.org/
[4] https://www.gentoo.org/get-involved/mailing-lists/all-lists.html