[NETFILTER]: x_tables: add connlimit match

ipt_connlimit has been sitting in POM-NG for a long time. Here is a new shiny xt_connlimit with: * xtables'ified * will request the layer3 module (previously it hotdropped every packet when it was not loaded) * fixed: there was a deadlock in case of an OOM condition * support for any layer4 protocol (e.g. UDP/SCTP) * using jhash, as suggested by Eric Dumazet * ipv6 support Signed-off-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Jan Engelhardt <jengelh@gmx.de> 2007-07-14 20:47:26 -0700
committer: David S. Miller <davem@davemloft.net> 2007-07-14 20:47:26 -0700
commit: 370786f9cfd430cb424f00ce4110e75bb1b95a19 (patch)
tree: df0e51882850f8db8da8f6e4ab746179b1993b9c /net/netfilter/Kconfig
parent: a887c1c148ffb3eb1c193e9869ca5297c6e22078 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index df5e8dab871..9415b9a5dba 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -423,6 +423,13 @@ config NETFILTER_XT_MATCH_CONNBYTES
 	  If you want to compile it as a module, say M here and read
 	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
 
+config NETFILTER_XT_MATCH_CONNLIMIT
+	tristate '"connlimit" match support"'
+	depends on NETFILTER_XTABLES
+	---help---
+	  This match allows you to match against the number of parallel
+	  connections to a server per client IP address (or address block).
+
 config NETFILTER_XT_MATCH_CONNMARK
 	tristate  '"connmark" connection mark match support'
 	depends on NETFILTER_XTABLES
author	Jan Engelhardt <jengelh@gmx.de>	2007-07-14 20:47:26 -0700
committer	David S. Miller <davem@davemloft.net>	2007-07-14 20:47:26 -0700
commit	370786f9cfd430cb424f00ce4110e75bb1b95a19 (patch)
tree	df0e51882850f8db8da8f6e4ab746179b1993b9c /net/netfilter/Kconfig
parent	a887c1c148ffb3eb1c193e9869ca5297c6e22078 (diff)