search for: tcp_traffic_in

...match if the number of existing tcp connections is (not) above n --connlimit-mask n group hosts using mask ----------------------------------------- The library seems to exist also: /lib64/iptables/libipt_connlimit.so However, creating a rule that uses connlimit fails: #$IPTABLES -A tcp_traffic_in -p tcp --dport 80 -m connlimit --connlimit-above 2 -j DROP iptables: Unknown error 4294967295 So, am I missing something? Or am I limited to using netfilter's patch-o-matic and compiling a custom kernel (that I **really* do not* want to do)? Thank you so much Hoang Phong Viet Nam ----------...