From: "Ranjeet Shetye" <ranjeet.shetye@zultys.com>
To: netfilter@lists.netfilter.org
Subject: RE: unknown arg --syn
Date: Thu, 2 Jan 2003 10:35:38 -0800 [thread overview]
Message-ID: <005c01c2b28d$bf441c40$0100a8c0@zultys.com> (raw)
In-Reply-To: <011e01c2b24a$f7b2a800$13fcc5cb@Housecall>
Don’t use iptables 1.2.7. The NetFilter team released a 1.2.7a version
cos 1.2.7 introduced some serious bugs.
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
771 Vaqueros Avenue
Sunnyvale CA 94085
USA
Ranjeet.Shetye@Zultys.com
http://www.zultys.com/
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of hare ram
> Sent: Thursday, January 02, 2003 2:38 AM
> To: Keith Mastin; netfilter@lists.netfilter.org
> Subject: Re: unknown arg --syn
>
>
> Hi
>
> iam using redhat 8.0
> better u upgrate Iptables to 1.2.7
> its works fine
>
> hare
> ----- Original Message -----
> From: "Keith Mastin" <kmastin@beechtree.ca>
> To: <netfilter@lists.netfilter.org>
> Sent: Wednesday, January 01, 2003 5:07 AM
> Subject: unknown arg --syn
>
>
> > This should be so simple, yet it's eluding me... a simple iptables
> > script on a protected machine, with a few rules where the
> syn flag is
> > set returns an error:
> >
> > rule example (lives all on one line in script):
> > iptables -A INPUT -p tcp -s 0/0 -d 192.168.0.167/32
> --destination-port 22
> > --syn -j ACCEPT
> >
> > the error when the script is run:
> > [root@spy root]# sh ./iptables-rules
> > iptables v1.2.5: Unknown arg `--syn'
> > Try `iptables -h' or 'iptables --help' for more information.
> >
> > sure enough, no mention of --syn in iptables -h
> >
> > from man iptables:
> > [!] --syn
> > Only match TCP packets with the SYN bit set and the ACK
> and FIN bits
> > cleared. Such packets are used to request TCP connection
> > initiation; for example, blocking such packets coming in an
> > interface will prevent incoming TCP connections, but outgoing TCP
> > connections will be unaffected. It is equivalent to --tcp-flags
> > SYN,RST,ACK SYN. If the "!" flag precedes the "--syn",
> the sense
> > of the option is inverted.
> >
> > I also replaced --syn with --tcp-flags SYN,RST,ACK SYN,
> which resulted
> > in the error: [root@spy root]# sh ./iptables-rules
> > iptables v1.2.5: Unknown arg `--tcp-flags'
> > Try `iptables -h' or 'iptables --help' for more information.
> >
> > I think I'm too close to see the solution, so if anybody can see it
> > right off, it would be much appreciated...
> >
> > System info:
> > Redhat 7.3
> > kernel-2.4.18-19.7.x.athlon
> >
> > Also tried on another system with similar results:
> > Redhat 7.3
> > kernel-2.4.18-3smp
> >
> > TIA
> >
> >
> >
> >
>
>
prev parent reply other threads:[~2003-01-02 18:35 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-12-31 23:37 unknown arg --syn Keith Mastin
2003-01-02 9:23 ` Dharmendra.T
2003-01-02 10:37 ` hare ram
2003-01-02 18:35 ` Ranjeet Shetye [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='005c01c2b28d$bf441c40$0100a8c0@zultys.com' \
--to=ranjeet.shetye@zultys.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.