Ernillew / wl500g

Automatically exported from code.google.com/p/wl500g

netfilter: unable to add connlimit match #308

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Dear Developer(s)!

I want to use the xt_connlimit module in the kernel because I need it for the 
iptables extension (-m connlimit).

This happened:

[root@Asus_Router root]$ lsmod | grep xt_connlimit
[root@Asus_Router root]$ iptables -I FORWARD -s 192.168.1.2 -p tcp -m connlimit
--connlimit-above 350 -j DROP
iptables: No chain/target/match by that name.
[root@Asus_Router root]$ insmod xt_connlimit
[root@Asus_Router root]$ lsmod | grep xt_connlimit
xt_connlimit            3872  0
[root@Asus_Router root]$ iptables -I FORWARD -s 192.168.1.2 -p tcp -m connlimit
--connlimit-above 350 -j DROP
iptables: Invalid argument. Run `dmesg' for more information.
[root@Asus_Router root]$ dmesg | tail -n 5
EXT3-fs warning: maximal mount count reached, running e2fsck is recommended
EXT3 FS on sda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
cannot load conntrack support for address family 0
cannot load conntrack support for address family 0

This is an Asus wl500gp machine running this firmware: WL500gp-1.9.2.7-rtn-r4051

iptables v1.4.3.2

I do not use any third-party stuff.

Thanks for the help, and if you need any information, send mail here: ciscoka@gmail.com

But I hope I typed everything you need.

Original issue reported on code.google.com by cisc...@gmail.com on 22 Apr 2012 at 4:04

GoogleCodeExporter commented 9 years ago
Sorry for my English :S I hope you will understand.

Original comment by cisc...@gmail.com on 22 Apr 2012 at 4:10

GoogleCodeExporter commented 9 years ago

Original comment by lly.dev on 22 Apr 2012 at 6:25

GoogleCodeExporter commented 9 years ago
Problem introduced since r3984. Modules affected:

xt_CONNMARK/xt_connmark
xt_CONNSECMARK
xt_connbytes
xt_connlimit
xt_helper

Original comment by lly.dev on 23 Apr 2012 at 6:24

GoogleCodeExporter commented 9 years ago
We have to backport kernel.org commit
 916a917dfe netfilter: xtables: provide invoked family value to extensions

Original comment by lly.dev on 23 Apr 2012 at 5:20

GoogleCodeExporter commented 9 years ago
Fixed in r4145. Please try the latest nightly build from:

http://wpte.kicks-ass.net/downloads/Oleg%20Firmware/Nightlys/1.9.2.7-rtn/
http://asus.vectormm.net/rtn/

Original comment by lly.dev on 27 Apr 2012 at 2:57