Quote:
Originally Posted by GrapefruiTgirl
try --limit instead of --connlimit; here's a working example of --limit (This is ONE LINE-- I broke the line in half for readability):
Code:
-A TCP-ACCEPT-C -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN
-m state --state NEW,RELATED,ESTABLISHED -m limit --limit 40/sec --limit-burst 10 -j ACCEPT
Sasha |
iptables -A TCP-ACCEPT-C -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m state --state NEW,RELATED,ESTABLISHED -m limit --limit 40/sec
[root@xxx]#
[root@xxx]# iptables -A TCP-ACCEPT-C -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m state --state NEW,RELATED,ESTABLISHED -m limit --limit 2/sec
iptables: No chain/target/match by that name
[root@xxx]#
[root@xxx]#
[root@xxx]# iptables
iptables v1.2.11: no command specified
Try `iptables -h' or 'iptables --help' for more information.
[root@xxx]#
I think I need a new version of iptables, it has v1.2.11 and I see that the latest version of iptables is 1.4.6
I tried to install iptables 1.4.6, downloaded it from here:
http://www.netfilter.org/news.html#2009-12-09
and tried to install with these steps from here:
http://wendt.wisc.edu/site/public/?title=liniptables
http://www.cae.wisc.edu/iptables-installing
but it didn't work, or atleast I don't think it worked. Maybe it needs a reboot ? Here's the log with what I did:
[root@xxx]# cd /
[root@xxx]#
[root@xxx]# pwd
/
[root@xxx]#
[root@xxx]# ls
backup boot dev home infx_up iptables-1.4.6.tar.bz2 lib64 media mnt proc sbin srv tmp var
bin danielbackup etc INFORMIXTMP initrd lib lost+found misc opt root selinux sys usr work
[root@xxx]#
[root@xxx]#
[root@xxx]#
[root@xxx]# tar -xvjf ./iptables-1.4.6.tar.bz2 -C /usr/src
I cannot copy the whole window text and I cuted the "log".
iptables-1.4.6/include/linux/netfilter_ipv4/ipt_TOS.h
iptables-1.4.6/include/linux/netfilter_ipv4/ipt_TTL.h
iptables-1.4.6/include/linux/netfilter_ipv4/ipt_set.h
iptables-1.4.6/include/linux/netfilter_ipv4/ipt_tos.h
iptables-1.4.6/include/linux/netfilter_ipv4/ipt_owner.h
iptables-1.4.6/include/linux/netfilter_ipv4/ipt_policy.h
iptables-1.4.6/include/linux/netfilter_ipv4/ipt_iprange.h
iptables-1.4.6/include/linux/netfilter_ipv4.h
iptables-1.4.6/include/xtables.h.in
iptables-1.4.6/include/ip6tables.h
iptables-1.4.6/include/libiptc/
iptables-1.4.6/include/libiptc/libiptc.h
iptables-1.4.6/include/libiptc/libip6tc.h
iptables-1.4.6/include/libiptc/ipt_kernel_headers.h
iptables-1.4.6/include/libiptc/libxtc.h
iptables-1.4.6/include/iptables/
iptables-1.4.6/include/iptables/internal.h.in
iptables-1.4.6/include/libipq/
iptables-1.4.6/include/libipq/libipq.h
iptables-1.4.6/include/Makefile.in
iptables-1.4.6/include/iptables.h
iptables-1.4.6/include/Makefile.am
iptables-1.4.6/include/libipulog/
iptables-1.4.6/include/libipulog/libipulog.h
iptables-1.4.6/include/net/
iptables-1.4.6/include/net/netfilter/
iptables-1.4.6/include/net/netfilter/nf_conntrack_tuple.h
iptables-1.4.6/include/net/netfilter/nf_nat.h
iptables-1.4.6/iptables-xml.8
iptables-1.4.6/config.h.in
iptables-1.4.6/libiptc.pc.in
iptables-1.4.6/libiptc/
iptables-1.4.6/libiptc/linux_list.h
iptables-1.4.6/libiptc/linux_stddef.h
iptables-1.4.6/libiptc/libip6tc.c
iptables-1.4.6/libiptc/libiptc.c
iptables-1.4.6/libiptc/libip4tc.c
iptables-1.4.6/libipq/
iptables-1.4.6/libipq/ipq_destroy_handle.3
iptables-1.4.6/libipq/ipq_errstr.3
iptables-1.4.6/libipq/ipq_read.3
iptables-1.4.6/libipq/ipq_perror.3
iptables-1.4.6/libipq/ipq_set_mode.3
iptables-1.4.6/libipq/Makefile.in
iptables-1.4.6/libipq/ipq_message_type.3
iptables-1.4.6/libipq/ipq_get_msgerr.3
iptables-1.4.6/libipq/Makefile.am
iptables-1.4.6/libipq/libipq.3
iptables-1.4.6/libipq/libipq.c
iptables-1.4.6/libipq/ipq_set_verdict.3
iptables-1.4.6/libipq/ipq_get_packet.3
iptables-1.4.6/libipq/ipq_create_handle.3
iptables-1.4.6/iptables-standalone.c
iptables-1.4.6/install-sh
iptables-1.4.6/iptables-restore.8
iptables-1.4.6/Makefile.in
iptables-1.4.6/extensions/
iptables-1.4.6/extensions/libxt_rateest.c
iptables-1.4.6/extensions/libxt_SECMARK.c
iptables-1.4.6/extensions/libxt_recent.c
iptables-1.4.6/extensions/libip6t_dst.man
iptables-1.4.6/extensions/libxt_limit.c
iptables-1.4.6/extensions/libxt_owner.man
iptables-1.4.6/extensions/libxt_TCPMSS.man
iptables-1.4.6/extensions/libipt_ULOG.c
iptables-1.4.6/extensions/libxt_iprange.c
iptables-1.4.6/extensions/libip6t_eui64.man
iptables-1.4.6/extensions/libxt_MARK.man
iptables-1.4.6/extensions/libxt_RATEEST.man
iptables-1.4.6/extensions/libipt_CLUSTERIP.c
iptables-1.4.6/extensions/libxt_NFQUEUE.c
iptables-1.4.6/extensions/libxt_tcpmss.c
iptables-1.4.6/extensions/libxt_time.c
iptables-1.4.6/extensions/libipt_REJECT.c
iptables-1.4.6/extensions/libxt_statistic.c
iptables-1.4.6/extensions/libipt_ttl.c
iptables-1.4.6/extensions/libxt_NFLOG.c
iptables-1.4.6/extensions/libipt_SAME.man
iptables-1.4.6/extensions/libip6t_rt.c
iptables-1.4.6/extensions/libxt_CONNMARK.c
iptables-1.4.6/extensions/libipt_set.man
iptables-1.4.6/extensions/libxt_CLASSIFY.man
iptables-1.4.6/extensions/libxt_multiport.man
iptables-1.4.6/extensions/libxt_dccp.man
iptables-1.4.6/extensions/libip6t_icmp6.c
iptables-1.4.6/extensions/libxt_pkttype.c
iptables-1.4.6/extensions/libxt_helper.c
iptables-1.4.6/extensions/libxt_helper.man
iptables-1.4.6/extensions/libip6t_HL.man
iptables-1.4.6/extensions/libipt_MIRROR.c
iptables-1.4.6/extensions/libipt_NETMAP.man
iptables-1.4.6/extensions/libipt_REDIRECT.c
iptables-1.4.6/extensions/libip6t_icmp6.man
iptables-1.4.6/extensions/libxt_esp.c
iptables-1.4.6/extensions/libxt_multiport.c
iptables-1.4.6/extensions/libxt_string.c
iptables-1.4.6/extensions/libxt_connmark.c
iptables-1.4.6/extensions/libxt_CLASSIFY.c
iptables-1.4.6/extensions/libipt_unclean.c
iptables-1.4.6/extensions/libxt_connbytes.c
iptables-1.4.6/extensions/libipt_ULOG.man
iptables-1.4.6/extensions/GNUmakefile.in
iptables-1.4.6/extensions/libxt_physdev.man
iptables-1.4.6/extensions/libxt_standard.c
iptables-1.4.6/extensions/libxt_u32.c
iptables-1.4.6/extensions/libxt_CONNSECMARK.c
iptables-1.4.6/extensions/libip6t_hbh.man
iptables-1.4.6/extensions/libxt_mac.man
iptables-1.4.6/extensions/libxt_dscp.c
iptables-1.4.6/extensions/libip6t_frag.c
iptables-1.4.6/extensions/libxt_rateest.man
iptables-1.4.6/extensions/libxt_conntrack.c
iptables-1.4.6/extensions/dscp_helper.c
iptables-1.4.6/extensions/libxt_CONNSECMARK.man
iptables-1.4.6/extensions/libxt_dccp.c
iptables-1.4.6/extensions/libxt_hashlimit.c
iptables-1.4.6/extensions/libxt_connlimit.c
iptables-1.4.6/extensions/libxt_u32.man
iptables-1.4.6/extensions/libxt_cluster.c
iptables-1.4.6/extensions/libipt_realm.man
iptables-1.4.6/extensions/libxt_string.man
iptables-1.4.6/extensions/libxt_iprange.man
iptables-1.4.6/extensions/libxt_CONNMARK.man
iptables-1.4.6/extensions/libip6t_ipv6header.man
iptables-1.4.6/extensions/libip6t_REJECT.man
iptables-1.4.6/extensions/libipt_ecn.man
iptables-1.4.6/extensions/libipt_MIRROR.man
iptables-1.4.6/extensions/libxt_mac.c
iptables-1.4.6/extensions/libxt_mark.c
iptables-1.4.6/extensions/libxt_socket.c
iptables-1.4.6/extensions/libxt_tcp.c
iptables-1.4.6/extensions/libxt_udp.man
iptables-1.4.6/extensions/libip6t_hbh.c
iptables-1.4.6/extensions/libip6t_dst.c
iptables-1.4.6/extensions/libxt_connbytes.man
iptables-1.4.6/extensions/libipt_MASQUERADE.man
iptables-1.4.6/extensions/libxt_policy.c
iptables-1.4.6/extensions/libip6t_mh.man
iptables-1.4.6/extensions/libip6t_LOG.c
iptables-1.4.6/extensions/libipt_ECN.man
iptables-1.4.6/extensions/libxt_state.man
iptables-1.4.6/extensions/libxt_time.man
iptables-1.4.6/extensions/libipt_TTL.man
iptables-1.4.6/extensions/libip6t_ah.c
iptables-1.4.6/extensions/libxt_DSCP.man
iptables-1.4.6/extensions/libxt_owner.c
iptables-1.4.6/extensions/libipt_LOG.c
iptables-1.4.6/extensions/libipt_REDIRECT.man
iptables-1.4.6/extensions/libip6t_rt.man
iptables-1.4.6/extensions/libxt_length.man
iptables-1.4.6/extensions/libxt_osf.c
iptables-1.4.6/extensions/libxt_pkttype.man
iptables-1.4.6/extensions/libipt_icmp.c
iptables-1.4.6/extensions/libipt_icmp.man
iptables-1.4.6/extensions/libipt_SAME.c
iptables-1.4.6/extensions/libipt_realm.c
iptables-1.4.6/extensions/libip6t_ah.man
iptables-1.4.6/extensions/libipt_ECN.c
iptables-1.4.6/extensions/libxt_DSCP.c
iptables-1.4.6/extensions/libip6t_mh.c
iptables-1.4.6/extensions/libxt_SECMARK.man
iptables-1.4.6/extensions/libipt_SNAT.man
iptables-1.4.6/extensions/libipt_MASQUERADE.c
iptables-1.4.6/extensions/libxt_comment.c
iptables-1.4.6/extensions/libxt_connmark.man
iptables-1.4.6/extensions/libxt_sctp.c
iptables-1.4.6/extensions/libxt_recent.man
iptables-1.4.6/extensions/libipt_addrtype.man
iptables-1.4.6/extensions/libxt_TOS.man
iptables-1.4.6/extensions/libxt_tcpmss.man
iptables-1.4.6/extensions/libxt_TOS.c
iptables-1.4.6/extensions/libipt_SET.man
iptables-1.4.6/extensions/libip6t_hl.c
iptables-1.4.6/extensions/libxt_quota.c
iptables-1.4.6/extensions/libipt_DNAT.man
iptables-1.4.6/extensions/libip6t_frag.man
iptables-1.4.6/extensions/libxt_statistic.man
iptables-1.4.6/extensions/libxt_MARK.c
iptables-1.4.6/extensions/libipt_SNAT.c
iptables-1.4.6/extensions/libipt_CLUSTERIP.man
iptables-1.4.6/extensions/libip6t_ipv6header.c
iptables-1.4.6/extensions/libxt_length.c
iptables-1.4.6/extensions/libxt_TRACE.man
iptables-1.4.6/extensions/libxt_comment.man
iptables-1.4.6/extensions/libipt_NETMAP.c
iptables-1.4.6/extensions/libipt_DNAT.c
iptables-1.4.6/extensions/libxt_TCPMSS.c
iptables-1.4.6/extensions/libxt_quota.man
iptables-1.4.6/extensions/libipt_SET.c
iptables-1.4.6/extensions/libxt_tos.man
iptables-1.4.6/extensions/libxt_tos.c
iptables-1.4.6/extensions/libxt_TCPOPTSTRIP.man
iptables-1.4.6/extensions/libxt_TPROXY.c
iptables-1.4.6/extensions/libxt_TRACE.c
iptables-1.4.6/extensions/libipt_LOG.man
iptables-1.4.6/extensions/libxt_RATEEST.c
iptables-1.4.6/extensions/libxt_dscp.man
iptables-1.4.6/extensions/libipt_TTL.c
iptables-1.4.6/extensions/libxt_NFQUEUE.man
iptables-1.4.6/extensions/libxt_NFLOG.man
iptables-1.4.6/extensions/libipt_ah.c
iptables-1.4.6/extensions/libip6t_hl.man
iptables-1.4.6/extensions/libipt_unclean.man
iptables-1.4.6/extensions/libxt_physdev.c
iptables-1.4.6/extensions/libipt_ttl.man
iptables-1.4.6/extensions/libxt_policy.man
iptables-1.4.6/extensions/libxt_hashlimit.man
iptables-1.4.6/extensions/libxt_mark.man
iptables-1.4.6/extensions/libipt_REJECT.man
iptables-1.4.6/extensions/libxt_conntrack.man
iptables-1.4.6/extensions/tos_values.c
iptables-1.4.6/extensions/libipt_ah.man
iptables-1.4.6/extensions/libipt_addrtype.c
iptables-1.4.6/extensions/libipt_set.h
iptables-1.4.6/extensions/libxt_connlimit.man
iptables-1.4.6/extensions/libxt_TCPOPTSTRIP.c
iptables-1.4.6/extensions/libip6t_eui64.c
iptables-1.4.6/extensions/libip6t_LOG.man
iptables-1.4.6/extensions/libxt_cluster.man
iptables-1.4.6/extensions/libxt_socket.man
iptables-1.4.6/extensions/libipt_set.c
iptables-1.4.6/extensions/libxt_tcp.man
iptables-1.4.6/extensions/libxt_NOTRACK.man
iptables-1.4.6/extensions/libxt_esp.man
iptables-1.4.6/extensions/libxt_TPROXY.man
iptables-1.4.6/extensions/libxt_limit.man
iptables-1.4.6/extensions/libxt_state.c
iptables-1.4.6/extensions/libxt_sctp.man
iptables-1.4.6/extensions/libxt_NOTRACK.c
iptables-1.4.6/extensions/libip6t_HL.c
iptables-1.4.6/extensions/libxt_udp.c
iptables-1.4.6/extensions/libip6t_REJECT.c
iptables-1.4.6/extensions/libipt_ecn.c
iptables-1.4.6/config.guess
iptables-1.4.6/ip6tables.c
iptables-1.4.6/iptables-save.8
iptables-1.4.6/iptables.xslt
iptables-1.4.6/xshared.h
iptables-1.4.6/compile
iptables-1.4.6/autogen.sh
iptables-1.4.6/iptables-apply
iptables-1.4.6/xtables.pc.in
iptables-1.4.6/depcomp
iptables-1.4.6/Makefile.am
iptables-1.4.6/COPYING
iptables-1.4.6/xshared.c
iptables-1.4.6/ip6tables-standalone.c
iptables-1.4.6/iptables.c
iptables-1.4.6/configure.ac
iptables-1.4.6/iptables-xml.c
iptables-1.4.6/release.sh
iptables-1.4.6/iptables-save.c
iptables-1.4.6/iptables.8.in
iptables-1.4.6/ip6tables-save.8
iptables-1.4.6/configure
iptables-1.4.6/missing
iptables-1.4.6/config.sub
iptables-1.4.6/.gitignore
iptables-1.4.6/iptables-restore.c
iptables-1.4.6/ip6tables-multi.c
[root@xxx]#
[root@xxx]#
[root@xxx]#
[root@xxx]# cd /usr/src/iptables-1.4.6/
[root@xxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]# pwd
/usr/src/iptables-1.4.6
[root@axxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]#
[root@xxx /]#
[root@xxx /]# /bin/sh -c make
make: *** No targets specified and no makefile found. Stop.
[root@xxx]#
[root@xxx /]#
[root@xxx /]# cd /usr/src/iptables-1.4.6/
[root@xxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]# pwd
/usr/src/iptables-1.4.6
[root@xxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]# /bin/sh -c make
make all-recursive
make[1]: Entering directory `/usr/src/iptables-1.4.6'
Making all in extensions
make[2]: Entering directory `/usr/src/iptables-1.4.6/extensions'
make[2]: Leaving directory `/usr/src/iptables-1.4.6/extensions'
Making all in include
make[2]: Entering directory `/usr/src/iptables-1.4.6/include'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/usr/src/iptables-1.4.6/include'
make[2]: Entering directory `/usr/src/iptables-1.4.6'
make[2]: Leaving directory `/usr/src/iptables-1.4.6'
make[1]: Leaving directory `/usr/src/iptables-1.4.6'
[root@xxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]# /bin/sh -c make install
make all-recursive
make[1]: Entering directory `/usr/src/iptables-1.4.6'
Making all in extensions
make[2]: Entering directory `/usr/src/iptables-1.4.6/extensions'
make[2]: Leaving directory `/usr/src/iptables-1.4.6/extensions'
Making all in include
make[2]: Entering directory `/usr/src/iptables-1.4.6/include'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/usr/src/iptables-1.4.6/include'
make[2]: Entering directory `/usr/src/iptables-1.4.6'
make[2]: Leaving directory `/usr/src/iptables-1.4.6'
make[1]: Leaving directory `/usr/src/iptables-1.4.6'
[root@xxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]# iptables -V
-bash: /sbin/iptables: No such file or directory
[root@xxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]# iptables
-bash: /sbin/iptables: No such file or directory
[root@xxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]# cp ./iptables
iptables.8 iptables-multi.c iptables_multi-iptables-standalone.o iptables-save.c
iptables.8.in iptables-multi.h iptables_multi-iptables-xml.o iptables-standalone.c
iptables-apply iptables_multi-iptables-multi.o iptables_multi-xshared.o iptables-xml.8
iptables-apply.8 iptables_multi-iptables.o iptables-restore.8 iptables-xml.c
iptables.c iptables_multi-iptables-restore.o iptables-restore.c iptables.xslt
iptables-multi iptables_multi-iptables-save.o iptables-save.8
[root@xxx iptables-1.4.6]# cp ./iptables /sbin
cp: cannot stat `./iptables': No such file or directory
[root@xxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]# ls
aclocal.m4 INCOMPATIBILITIES ip6tables-restore.c iptables_multi-iptables-standalone.o libxtables.la
autogen.sh INSTALL ip6tables-save.8 iptables_multi-iptables-xml.o libxtables_la-xtables.lo
COMMIT_NOTES install-sh ip6tables-save.c iptables_multi-xshared.o ltmain.sh
compile ip6tables.8 ip6tables-standalone.c iptables-restore.8 m4
config.guess ip6tables.8.in iptables.8 iptables-restore.c Makefile
config.h ip6tables.c iptables.8.in iptables-save.8 Makefile.am
config.h.in ip6tables-multi iptables-apply iptables-save.c Makefile.in
config.log ip6tables-multi.c iptables-apply.8 iptables-standalone.c missing
config.status ip6tables-multi.h iptables.c iptables-xml.8 release.sh
config.sub ip6tables_multi-ip6tables-multi.o iptables-multi iptables-xml.c stamp-h1
configure ip6tables_multi-ip6tables.o iptables-multi.c iptables.xslt xshared.c
configure.ac ip6tables_multi-ip6tables-restore.o iptables-multi.h libipq xshared.h
COPYING ip6tables_multi-ip6tables-save.o iptables_multi-iptables-multi.o libiptc xtables.c
depcomp ip6tables_multi-ip6tables-standalone.o iptables_multi-iptables.o libiptc.pc xtables.pc
extensions ip6tables_multi-xshared.o iptables_multi-iptables-restore.o libiptc.pc.in xtables.pc.in
include ip6tables-restore.8 iptables_multi-iptables-save.o libtool
[root@xxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]# pwd
/usr/src/iptables-1.4.6
[root@xxx iptables-1.4.6]#
[root@xxx iptables-1.4.6]#
It dosen't give any error, or something like that, maybe it needs a reboot, but I don't want to reboot the server, 'cause it's in production mode and I can't permit that, the server needs to up up and running without one second off.
