Unknown arg `--hashlimit-upto'

Question

I'm trying to prevent loic attackes by using this command

iptables -A INPUT -p tcp --dport 80 -m hashlimit --hashlimit-upto 50/min \
--hashlimit-burst 500 --hashlimit-mode srcip --hashlimit-name http -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

reference: How to prevent a LOIC (DDOS) attack?

I always got this error message:

iptables v1.3.5: Unknown arg `--hashlimit-upto'

What's causing it and how can I fix it?

Could it be that `v1.3.5` does not yet support that option? Check your man page, please. Is this an older box? — Felix Frank, Aug 13 '14 at 12:01
Thanks for the tip, I've updated to latest version which is v1.4.21, I'm still getting the error: iptables v1.4.21: unknown option "--hashlimit-upto" — Mely N, Aug 14 '14 at 02:40

score 2 · Accepted Answer · answered Aug 13 '14 at 13:02

2

You're using an ancient version of iptables which dates back to January 2006, and probably on a very old Linux distribution.

The problem is that the feature you were trying to use was added to iptables in 2008.

The solution is to update to a more modern Linux distribution.

answered Aug 13 '14 at 13:02

Michael Hampton

237,123
42
477
940

Thanks @Michael Hampton, please check my comment on my question, any idea? – Mely N Aug 14 '14 at 02:41
Right? And did you update your kernel too? Exactly what are you running? – Michael Hampton Aug 14 '14 at 13:09
I'm using centos 5.9, is it risky to update kernel for this? – Mely N Aug 15 '14 at 05:24
You can replace the kernel if you want, but you're already out of supportable territory by replacing standard utilities with self-compiled things. Better to update to a more current OS distribution if you want more current features. – Michael Hampton Aug 15 '14 at 12:46

Unknown arg `--hashlimit-upto'

1 Answers1