Odd -m state Error Msg

All of lore.kernel.org
 help / color / mirror / Atom feed

* Odd -m state Error Msg
@ 2007-03-12  6:11 Rudi Starcevic
  2007-03-12  6:36 ` Graham Murray
  0 siblings, 1 reply; 3+ messages in thread
From: Rudi Starcevic @ 2007-03-12  6:11 UTC (permalink / raw)
  To: netfilter

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Hi,

I've just built a new 2.6.20.1 kernel and am seeing
this error from my standard firewall script:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: Invalid argument

I've checked and checked and just not sure why my INPUT
state command is now not happy ???

Any ideas what I've done wrong with this new kernel?

Any advise much appreciated .. thanks ...


/usr/src/linux# grep -i netfilter .config

CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_BRIDGE_NETFILTER=y
# Core Netfilter Configuration
# CONFIG_NETFILTER_NETLINK is not set
CONFIG_NETFILTER_XTABLES=m
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
# CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
CONFIG_NETFILTER_XT_MATCH_STATE=m
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
# IP: Netfilter Configuration
# IPv6: Netfilter Configuration (EXPERIMENTAL)
# DECnet: Netfilter Configuration
# Bridge: Netfilter Configuration


- --
Thank you.
Regards,
Rudi.

- -- Wildcash.com Support

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFF9O8FgOUisCetzRYRAgZ4AJkBf7Kxs7b0OAeeV2qHY/Y4ArHXpACfV+2S
xjEh4Xq8PRD/a2LyuQDrwlY=
=16xX
-----END PGP SIGNATURE-----



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Odd -m state Error Msg
  2007-03-12  6:11 Odd -m state Error Msg Rudi Starcevic
@ 2007-03-12  6:36 ` Graham Murray
  2007-03-12  6:46   ` Rudi Starcevic
  0 siblings, 1 reply; 3+ messages in thread
From: Graham Murray @ 2007-03-12  6:36 UTC (permalink / raw)
  To: netfilter

Rudi Starcevic <tech@wildcash.com> writes:

> Hi,
>
> I've just built a new 2.6.20.1 kernel and am seeing
> this error from my standard firewall script:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables: Invalid argument

To use state, you must also specify the protocol eg 
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Odd -m state Error Msg
  2007-03-12  6:36 ` Graham Murray
@ 2007-03-12  6:46   ` Rudi Starcevic
  0 siblings, 0 replies; 3+ messages in thread
From: Rudi Starcevic @ 2007-03-12  6:46 UTC (permalink / raw)
  To: netfilter

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Hi Graham,

Thanks but still same error msg:

iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: Invalid argument

Some more info:

/lib/modules/2.6.20.1/kernel/net/netfilter# ls
nf_conntrack.ko  nf_conntrack_ftp.ko  x_tables.ko  xt_conntrack.ko
xt_limit.ko  xt_state.ko  xt_tcpudp.ko

Strange why I'm getting this error .... it's a standard 2.6 build and the
same firewall script/commands I use regularly on earlier kernels.

- --
Thank you.
Regards,
Rudi.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFF9Pc6gOUisCetzRYRAvp2AJkBAHi+IBwduQ/Ty4V4BPK5SKmmpgCfQYJX
HBQhcDh043BiwomvF0uDhuw=
=ucQr
-----END PGP SIGNATURE-----



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2007-03-12  6:46 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-03-12  6:11 Odd -m state Error Msg Rudi Starcevic
2007-03-12  6:36 ` Graham Murray
2007-03-12  6:46   ` Rudi Starcevic

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.