[RESOLVED] iptables connlimit

chegevaro · n00b Joined: 16 Apr 2008 Posts: 4

Hello.

I'm plan to new install ip_connlimit module for limit TCP session...
in one of the past install ok on old kernel version 2.6.13 and work ok...
but, now i'm use kernel version 2.6.24 and P-O-M (patch-o-matic-ng-2008041) have problem with compile kernel

make process return error:
net/ipv4/netfilter/ipt_connlimit.c: In function 'count_them':
net/ipv4/netfilter/ipt_connlimit.c:98: error: too many arguments to function 'nf_conntrack_find_get'
net/ipv4/netfilter/ipt_connlimit.c: At top level:
net/ipv4/netfilter/ipt_connlimit.c:312: warning: initialization from incompatible pointer type
net/ipv4/netfilter/ipt_connlimit.c:316: warning: initialization from incompatible pointer type
make[3]: *** [net/ipv4/netfilter/ipt_connlimit.o] Error 1
make[2]: *** [net/ipv4/netfilter] Error 2
make[1]: *** [net/ipv4] Error 2
make: *** [net] Error 2

my step...
1) ebuil <PATH-TO-IPTABLES-1.3.8> unpack
2) download POM, extract (/usr/local/src/pom/)
3) cd <POM_DIR> ./runme --download
./runme conlimit
KERNEL_DIR=/usr/src/linux
IPTABLES_DIR=<UNPACK_IPT_DIR>
ok!
4) run config kernel, select as MODULE Connections/IP limit match support
5) run 'make' kernel...

kernel: 2.6.24-gentoo-r4
iptables: 1.3.8-r3
glibc-2.6.1
netfilet configuration kernel:
%%%
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
# Core Netfilter Configuration
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_DSCP=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_TARGET_TRACE=y
CONFIG_NETFILTER_XT_TARGET_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_DCCP=y
CONFIG_NETFILTER_XT_MATCH_DSCP=y
CONFIG_NETFILTER_XT_MATCH_ESP=y
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_POLICY=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
CONFIG_NETFILTER_XT_MATCH_QUOTA=y
CONFIG_NETFILTER_XT_MATCH_REALM=y
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
CONFIG_NETFILTER_XT_MATCH_STRING=y
CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
CONFIG_NETFILTER_XT_MATCH_TIME=y
CONFIG_NETFILTER_XT_MATCH_U32=y
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
# IP: Netfilter Configuration
%%%

Please help...
sorry for my english
_________________
USE="-silly -stupid beautiful clever original" emerge -v girl

Januszzz · Posted: Thu Apr 17, 2008 8:18 am Post subject:

chegevaro · n00b Joined: 16 Apr 2008 Posts: 4

Januszzz · Posted: Thu Apr 17, 2008 9:22 am Post subject:

...then take 2.6.25, its released today. Here it is for sure (but I bet I saw it in 2.6.24 too).

chegevaro · n00b Joined: 16 Apr 2008 Posts: 4

chegevaro · n00b Joined: 16 Apr 2008 Posts: 4

i'm install new iptables version 1.4.0 and all ok!
All thx!
_________________
USE="-silly -stupid beautiful clever original" emerge -v girl