Knowledgebase

CSF xt_connlimit...FAILED

My CSF firewall says "xt_connlimit...FAILED" - please add xt_connlimit module.

Actually there is connlimit module and it is enabled. However the kernel implementation for connlimit has changed through the years. Distributions which by default run on 2.6.32 kernel (i.e. Debian 6 or CentOS 6) are incompatible with the xconnlimit implementation in the 2.6.18 OpenVZ kernel, which we use for it's stability.

A workaround would be to use CentOS 5 - CSF reports no problem with using the connlimit feature with CentOS 5.

If you want to use debian 6 64bit, you can do the following:


apt-get -y remove iptables
wget http://archive.debian.org/debian/pool/main/i/iptables/iptables_1.3.6.0debian1-5_amd64.deb
dpkg -i ./iptables_1.3.6.0debian1-5_amd64.deb


After that CSF should no longer report erros. Whether it really works - you have to test :)

 

Was this answer helpful?

 Print this Article

Also Read

Please change my RDNS!

For VPS customers - You can fully and instantly control the RDNS of your IPs through the SolusVM...

IPv6

IPv6 is available to our customers upon request. If you want to have IPv6 on your VPS, please...

KISS My Firewall

KISS My Firewall is a FREE iptables script developed by Steve Eschweiler and is released into the...

SolusVM control panel access

The URL for the SolusVM control panel is: http://solusvm.fitvps.com/ or for encrypted connection:...

tun/tap device

If you want to have tun/tap device in your VPS you just have to set the "tun/tap device" option...