... I decided to try something else
I downloaded the latest pom snapshot, same thing
I 'patched' it by hand
cp patchlets/connlimit/linux/* ../linux/ -R
cp ./patchlets/connlimit/linux-2.6.11/* -R ../linux/
cat patchlets/connlimit/linux-2.6.11/net/ipv4/netfilter/Makefile.ladd >> /usr/src/linux/net/ipv4/netfilter/Makefile
root@darkstar:/usr/src/patch-o-matic-ng-20060418# ./runme connlimit
Hey! KERNEL_DIR is not set.
Where is your kernel source directory? [/usr/src/linux]
Hey! IPTABLES_DIR is not set.
Where is your iptables source code directory? [/usr/src/iptables]
Loading patchlet definitions......................................................... done
Welcome to Patch-o-matic ($Revision: 6577 $)!
Kernel: 2.6.16, /usr/src/linux
Iptables: 1.3.5, /usr/src/iptables
Each patch is a new feature: many have minimal impact, some do not.
Almost every one has bugs, so don't apply what you don't need!
-------------------------------------------------------
Already applied:
Testing connlimit... not applied
The connlimit patch:
Author: Gerd Knorr <kraxel@bytesex.org>
Status: ItWorksForMe[tm]
This adds an iptables match which allows you to restrict the
number of parallel TCP connections to a server per client IP address
(or address block).
Examples:
# allow 2 telnet connections per client host
iptables -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
# you can also match the other way around:
iptables -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT
# limit the nr of parallel http requests to 16 per class C sized
# network (24 bit netmask)
iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 \
--connlimit-mask 24 -j REJECT
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y
Excellent! Source trees are ready for compilation.
root@darkstar:/usr/src/patch-o-matic-ng-20060418#
So.. I ran make menuconfig and Connections/IP limit match support showed up at the very bottom of Networking -> Networking options -> Network packet filtering (replaces ipchains) -> IP: Netfilter Configuration
I compiled the modules and now it doesn't spit out an error when I set the limit through iptables
Let's see whether it works
VladSun, thank you for joining in.
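
Added example, not part of the original post and not the kernel module's code: a small Python model of the counting behaviour the patch help text describes for `--connlimit-above` and `--connlimit-mask`, useful for predicting which connection a rule will reject before testing it live. It assumes the new connection is included in the count (so "above 2" fires on the third) and that no tracked connection closes; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter


def block_of(ip, mask_bits=32):
    """Address block that --connlimit-mask groups this client into."""
    return ipaddress.ip_network(f"{ip}/{mask_bits}", strict=False)


def connlimit_above(tracked, new_client, limit, mask_bits=32):
    """True when '--connlimit-above limit' matches a new SYN from new_client.

    tracked: client IPs of connections already open to the service.
    The new connection is counted as well (assumption taken from the help
    text: 'allow 2 telnet connections' uses --connlimit-above 2).
    """
    group = block_of(new_client, mask_bits)
    count = sum(1 for ip in tracked if ipaddress.ip_address(ip) in group) + 1
    return count > limit


def replay(syns, limit, mask_bits=32):
    """Run SYNs through '-m connlimit --connlimit-above limit -j REJECT'."""
    tracked, verdicts = [], []
    for client in syns:
        if connlimit_above(tracked, client, limit, mask_bits):
            verdicts.append((client, "REJECT"))
        else:
            tracked.append(client)  # accepted connections stay open in this model
            verdicts.append((client, "ACCEPT"))
    return verdicts


# Constructed sample traffic (documentation address ranges).
TELNET_SYNS = ["192.0.2.10", "192.0.2.10", "192.0.2.10", "192.0.2.11"]
HTTP_SYNS = [f"198.51.100.{i}" for i in range(1, 18)] + ["203.0.113.5"]

if __name__ == "__main__":
    # Per-host limit of 2, as in the telnet example.
    for client, verdict in replay(TELNET_SYNS, limit=2):
        print(client, verdict)
    # Limit of 16 per /24, as in the http example.
    http = replay(HTTP_SYNS, limit=16, mask_bits=24)
    print(Counter(verdict for _, verdict in http))
```
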