2014-07-14 11:05:24 +08:00
Replied to mingxing's topic in Cloud Computing: Join the UPYUN Alliance and get 10G of storage and 15G of traffic free every month!
2013-06-07 09:10:11 +08:00
Replied to orzfly's topic in Linux: iptables: Protocol wrong type for socket.

CentOS's userspace tools are also incompatible with the connlimit module in our latest 3.x series kernels because the version of 'iptables' that is installed is too old:
# iptables -V
iptables v1.4.7

Please issue these commands, and again, remember that building from source means that this package will no longer be managed by your package management system (yum):
yum update
rpm -e --nodeps iptables-1.4.7-9.el6.i686
rpm -e --nodeps iptables-ipv6-1.4.7-9.el6.i686
yum groupinstall 'Development Tools'
wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.19.tar.bz2
tar jxvf iptables-1.4.19.tar.bz2
cd iptables-1.4.19
LDFLAGS="-L$PWD/libiptc/.libs" ./configure --prefix=/usr --exec-prefix= --bindir=/usr/bin --with-xtlibdir=/lib/xtables --with-pkgconfigdir=/usr/lib/pkgconfig --enable-libipq --enable-devel
make install

When the installation is complete, run "iptables -V" and you should see the following output:
// When the installation is finished, type "iptables -V" and you will see the following
iptables v1.4.19

Now try to load that iptables rule:

iptables -I FORWARD -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j DROP

It should succeed with no error message. You can verify that the rule was loaded with either of these commands:

iptables -L -n -v
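
Added example (not part of the original reply): a POSIX shell check that the userspace tool is at least 1.4.19, the version built above, and that the connlimit DROP rule is really in the FORWARD chain. It assumes `iptables -S FORWARD` output instead of the `-L -n -v` listing used above, and all sample strings are constructed so it runs offline.

```shell
#!/bin/sh
# Added example: post-upgrade checks, fed by sample output so it runs offline.

# version_ge A B: succeed when dotted version A >= B, comparing each field
# numerically (a plain string compare would rank 1.4.7 above 1.4.19).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# iptables_version: read `iptables -V` output on stdin, print the bare version.
iptables_version() {
    sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# has_connlimit_drop CHAIN LIMIT: read `iptables -S` output on stdin and
# succeed if CHAIN holds a DROP rule matching connlimit above LIMIT.
has_connlimit_drop() {
    grep -E -- "^-A $1 .*-m connlimit .*--connlimit-above $2( |$).*-j DROP" >/dev/null
}

# Constructed sample output (not captured from a real host).
OLD_V='iptables v1.4.7'
NEW_V='iptables v1.4.19'
RULES='-P FORWARD ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP'

# On a live host, feed `iptables -V` and `iptables -S FORWARD` instead.
for v in "$OLD_V" "$NEW_V"; do
    ver=$(printf '%s\n' "$v" | iptables_version)
    if version_ge "$ver" 1.4.19; then
        echo "$ver: at least 1.4.19"
    else
        echo "$ver: older than 1.4.19"
    fi
done
if printf '%s\n' "$RULES" | has_connlimit_drop FORWARD 20; then
    echo "connlimit DROP rule present in FORWARD"
else
    echo "connlimit DROP rule missing from FORWARD"
fi
```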

