DDoS Protection xt_connlimit issue
February 2, 2014 Abidoon
Note to self:
The Linode kernels for CentOS 6 have built-in support for xt_connlimit, so the kernel will not load it as a module. The kernel is monolithic.
Checking via the csf test script will always show:
/etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: Protocol wrong type for socket.] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf will function on this server but some features will not work due to some missing iptables modules [1]
This is because the test script assumes that xt_connlimit will be a loadable module.
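
A check that does not depend on module loading, added here as an example (it is not part of the original note or of csf). It reads the kernel config for CONFIG_NETFILTER_XT_MATCH_CONNLIMIT, the kernel's Kconfig symbol for xt_connlimit, and reports whether the match is built in, a module, or absent. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify xt_connlimit support from a kernel config.
# =y means compiled into the kernel, =m means loadable module.

# Reads kernel config text on stdin; prints builtin, module or absent.
connlimit_from_config() {
    awk -F= '
        $1 == "CONFIG_NETFILTER_XT_MATCH_CONNLIMIT" {
            if ($2 == "y") r = "builtin"
            else if ($2 == "m") r = "module"
        }
        END { print (r == "" ? "absent" : r) }
    '
}

# Prints the running kernel's config if it is exposed; prints nothing otherwise.
running_kernel_config() {
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    fi
}

# Succeeds if the match is registered with the running kernel (built in or
# loaded). The default file is normally readable by root only.
connlimit_registered() {
    grep -qx connlimit "${1:-/proc/net/ip_tables_matches}" 2>/dev/null
}

# Constructed sample configs (not taken from a real Linode kernel).
SAMPLE_BUILTIN='CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
CONFIG_NETFILTER_XT_MATCH_STATE=y'
SAMPLE_MODULE='CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m'
SAMPLE_ABSENT='# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set'

# Report for the running kernel; "unknown" when the config is not exposed.
cfg=$(running_kernel_config) || cfg=
if [ -n "$cfg" ]; then printf '%s\n' "$cfg" | connlimit_from_config; else echo unknown; fi
```

A result of builtin here, together with the FAILED line from csftest.pl, matches the situation described in this note.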