Hello,
on my system (Debian unstable, kernel 2.6.8), I can't get this
simple iptables script to run:
| IPTABLES=/sbin/iptables
|
| $IPTABLES -F
| $IPTABLES -X
| $IPTABLES -Z
|
| $IPTABLES -P INPUT ACCEPT
| $IPTABLES -P OUTPUT ACCEPT
| $IPTABLES -P FORWARD ACCEPT
|
| $IPTABLES -N ilocal
| $IPTABLES -N olocal
|
| $IPTABLES -A INPUT -j ilocal -i eth0
| $IPTABLES -A OUTPUT -j olocal -o eth0
|
| $IPTABLES -v -A ilocal -m state --state ESTABLISHED,RELATED -j ACCEPT
At the last line I get this error:
| ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
| iptables: No chain/target/match by that name
My kernel configuration contains these IP_NF-related options:
| CONFIG_IP_NF_CONNTRACK=y
| CONFIG_IP_NF_FTP=y
| CONFIG_IP_NF_IRC=y
| CONFIG_IP_NF_TFTP=y
| CONFIG_IP_NF_AMANDA=y
| CONFIG_IP_NF_QUEUE=y
| CONFIG_IP_NF_IPTABLES=y
| CONFIG_IP_NF_MATCH_LIMIT=y
| CONFIG_IP_NF_MATCH_IPRANGE=y
| CONFIG_IP_NF_MATCH_MAC=y
| CONFIG_IP_NF_MATCH_PKTTYPE=y
| CONFIG_IP_NF_MATCH_MARK=y
| CONFIG_IP_NF_MATCH_MULTIPORT=y
| CONFIG_IP_NF_MATCH_TOS=y
| CONFIG_IP_NF_MATCH_RECENT=y
| CONFIG_IP_NF_MATCH_ECN=y
| CONFIG_IP_NF_MATCH_DSCP=y
| CONFIG_IP_NF_MATCH_AH_ESP=y
| CONFIG_IP_NF_MATCH_LENGTH=y
| CONFIG_IP_NF_MATCH_TTL=y
| CONFIG_IP_NF_MATCH_TCPMSS=y
| CONFIG_IP_NF_MATCH_OWNER=y
| CONFIG_IP_NF_FILTER=y
| CONFIG_IP_NF_TARGET_REJECT=y
| CONFIG_IP_NF_NAT=y
| CONFIG_IP_NF_NAT_NEEDED=y
| CONFIG_IP_NF_TARGET_MASQUERADE=y
| CONFIG_IP_NF_TARGET_REDIRECT=y
| CONFIG_IP_NF_TARGET_NETMAP=y
| CONFIG_IP_NF_TARGET_SAME=y
| CONFIG_IP_NF_NAT_IRC=y
| CONFIG_IP_NF_NAT_FTP=y
| CONFIG_IP_NF_NAT_TFTP=y
| CONFIG_IP_NF_NAT_AMANDA=y
Any idea what is going wrong?
Cheers,
Martin
--
while (!asleep)
++sheep;
-=-=- -=-=-=-=-
Dipl.Ing. Martin "Herbert" Dietze -=-=- University of Buckingham -=-=-
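
One way to cross-check a rule script like the one in this post against a kernel configuration, as an added example that is not part of the original message. The function names and sample files are hypothetical, and the mapping from "-m NAME" to CONFIG_IP_NF_MATCH_<NAME> is an assumption that fits the option names of kernels from this era.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: on 2.4/2.6-era
# kernels a match used as "-m NAME" is enabled by CONFIG_IP_NF_MATCH_<NAME>.

# Print each distinct match name a rule script requests via -m / --match.
required_matches() {   # $1: rule script
    grep -v '^[[:space:]]*#' "$1" |
    awk '{ for (i = 1; i < NF; i++)
             if ($i == "-m" || $i == "--match") print $(i + 1) }' |
    sort -u
}

# Print "match OPTION" for every requested match whose option is not =y or =m.
missing_matches() {    # $1: rule script, $2: kernel .config
    for m in $(required_matches "$1"); do
        case "$m" in
            tcp|udp|icmp) continue ;;   # assumed built into ip_tables itself
        esac
        opt="CONFIG_IP_NF_MATCH_$(printf '%s' "$m" | tr '[:lower:]' '[:upper:]')"
        grep -Eq "^${opt}=[ym]\$" "$2" || printf '%s %s\n' "$m" "$opt"
    done
}

# Constructed sample: the failing rule and a config excerpt from the post,
# plus one constructed "-m limit" rule to show a match that is enabled.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/rules.sh" <<'EOF'
$IPTABLES -A ilocal -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A ilocal -m limit --limit 5/min -j ACCEPT
EOF
    cat > "$d/config" <<'EOF'
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_FILTER=y
EOF
    missing_matches "$d/rules.sh" "$d/config"
    rm -rf "$d"
}

demo
```

Run against a real rule script and the running kernel's configuration file, an empty result means every requested match has its option set; a listed option that is built as a module (=m) still needs that module to be loadable.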