* length match problem
From: Jackfritt @ 2003-01-08 22:14 UTC (permalink / raw)
To: netfilter
Ok, I have the following problem.
iptables -A OUTPUT -o ppp0 -p tcp -m length --length :40 -j MARK --set-mark 10
That should mark all ACKs, or not?
When I try to do this I get the error:
iptables: Invalid argument
I found out that this has something to do with the length match,
because when it is not used I don't get an error message. I looked around and found
an example in netfilter-extensions-HOWTO with icmp:
iptables -A INPUT -p icmp --icmp-type echo-request -m length --length 86:0xffff -j DROP
When I try to do something like this it doesn't work either :(
So now my question is: what am I doing wrong?
Sorry, I'm not an iptables guy and I only tried a script from somewhere
else. But this one line doesn't work.
Can anyone help me?
Thx
Joerg Esser
* Re: length match problem
From: Fabrice MARIE @ 2003-01-09 2:39 UTC (permalink / raw)
To: Jackfritt; +Cc: netfilter
Hello Joerg,
On Thursday 09 January 2003 06:14, Jackfritt wrote:
> Ok, I have the following problem.
> iptables -A OUTPUT -o ppp0 -p tcp -m length --length :40 -j MARK --set-mark 10
> That should mark all ACKs, or not?
> When I try to do this I get the error:
> iptables: Invalid argument
> [...]
> So now my question is: what am I doing wrong?
Typically, when the only error message from iptables
is 'Invalid argument', the actual error message is,
most of the time, in the kernel log.
I.e. if I run your command above, it tells me:
# dmesg
MARK: can only be called from "mangle" table, not "filter"
So, you should be using a -t mangle in front.
Have a nice day,
Fabrice.
--
Fabrice MARIE
"Silly hacker, root is for administrators"
-Unknown
* Re: length match problem
From: Jörg Esser @ 2003-01-09 7:53 UTC (permalink / raw)
To: netfilter
Fabrice MARIE wrote:
>Hello Joerg,
>
>On Thursday 09 January 2003 06:14, Jackfritt wrote:
>
>>Ok, I have the following problem.
>>iptables -A OUTPUT -o ppp0 -p tcp -m length --length :40 -j MARK --set-mark 10
>>That should mark all ACKs, or not?
>>When I try to do this I get the error:
>>iptables: Invalid argument
>>[...]
>>So now my question is: what am I doing wrong?
>>
>
>Typically, when the only error message from iptables
>is 'Invalid argument', the actual error message is,
>most of the time, in the kernel log.
>I.e. if I run your command above, it tells me:
>
># dmesg
>MARK: can only be called from "mangle" table, not "filter"
>
Hmm, forgot to look there (just a newbie ;)
>So, you should be using a -t mangle in front.
>
Thx, that did it.
>Have a nice day,
>
You too.