From: "Adem" <for-gmane@alicewho.com>
To: netfilter@vger.kernel.org
Subject: Re: The "badguy" example in the man page not working (-->"iptables: No chain/target/match by that name")
Date: Fri, 14 Nov 2008 18:48:48 +0100 [thread overview]
Message-ID: <gfkds5$ti4$1@ger.gmane.org> (raw)
In-Reply-To: 1226678430.11373.265.camel@grateful.d.umn.edu
"Matt Zagrabelny" wrote:
> On Fri, 2008-11-14 at 16:22 +0100, Adem wrote:
> > The following example from the man page doesn't work on my box:
> >
> > iptables -A FORWARD -m recent --name badguy --rcheck --seconds 60 -j DROP
> > iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name badguy --set -j DROP
>
> I see 'eth0' in your rule, but below there is no eth0.
Oops. that was just a cut&paste error, I actually had changed it,
tried everything, but w/o success.
Any other ideas what it might be?
BTW, it is a virtual private server (VPS) box, there is nothing under /boot.
Here the version info:
# uname -r
2.6.9-023stab048.4-smp
# iptables --version
iptables v1.3.6
And here the other rules iptables has accepted:
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
DROP 0 -- anywhere anywhere state INVALID
ACCEPT 0 -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8443
ACCEPT tcp -- anywhere anywhere tcp dpt:8880
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
DROP tcp -- anywhere anywhere tcp dpt:poppassd
DROP tcp -- anywhere anywhere tcp dpt:mysql
DROP tcp -- anywhere anywhere tcp dpt:postgresql
DROP tcp -- anywhere anywhere tcp dpt:9008
DROP tcp -- anywhere anywhere tcp dpt:9080
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:openvpn
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT icmp -- anywhere anywhere icmp type 8 code 0
DROP 0 -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
DROP 0 -- anywhere anywhere state INVALID
ACCEPT 0 -- anywhere anywhere
DROP 0 -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
DROP 0 -- anywhere anywhere state INVALID
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
> > It says: "iptables: No chain/target/match by that name"
> >
> > What could be the reason?
> >
> > My ifconfig:
> >
> > lo Link encap:Local Loopback
> > inet addr:127.0.0.1 Mask:255.0.0.0
> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> > RX packets:382878 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:382868 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:3307823766 (3.0 GiB) TX bytes:78410937 (74.7 MiB)
> >
> > venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> > inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
> > UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
> > RX packets:109018 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:101974 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:49437708 (47.1 MiB) TX bytes:49733010 (47.4 MiB)
> >
> > venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> > inet addr:87.x.x.x P-t-P:87.x.x.x Bcast:0.0.0.0 Mask:255.255.255.255
> > UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
next prev parent reply other threads:[~2008-11-14 17:48 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-14 15:22 The "badguy" example in the man page not working (--> "iptables: No chain/target/match by that name") Adem
2008-11-14 16:00 ` Matt Zagrabelny
2008-11-14 17:48 ` Adem [this message]
2008-11-14 20:15 ` The "badguy" example in the man page not working (-->"iptables: " Matt Zagrabelny
2008-11-14 20:21 ` Matt Zagrabelny
2008-11-16 23:28 ` The "badguy" example in the man page not working(-->"iptables: " Adem
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='gfkds5$ti4$1@ger.gmane.org' \
--to=for-gmane@alicewho.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox