Linux Netfilter discussions
* Error when adding an entry to mangle/PREROUTING
@ 2009-02-09 20:08 Ralf
  2009-02-09 20:38 ` Gilad Benjamini
  0 siblings, 1 reply; 3+ messages in thread
From: Ralf @ 2009-02-09 20:08 UTC (permalink / raw)
  To: netfilter

The following command brings an error ("iptables: Invalid argument"):

   $IPTABLES -t mangle -A PREROUTING -p tcp --dport 9999 -j REJECT

What's wrong here?



* RE: Error when adding an entry to mangle/PREROUTING
  2009-02-09 20:08 Error when adding an entry to mangle/PREROUTING Ralf
@ 2009-02-09 20:38 ` Gilad Benjamini
  2009-02-10  9:59   ` Ralf
  0 siblings, 1 reply; 3+ messages in thread
From: Gilad Benjamini @ 2009-02-09 20:38 UTC (permalink / raw)
  To: 'Ralf', netfilter

Quoting from man iptables: " This  target is only valid in the INPUT,
FORWARD and OUTPUT chains"

Since the validation is done by the kernel module, you don't see the error
message directly, but rather via syslog; e.g. in my case, in
/var/log/messages you see " kernel: ip_tables: REJECT target: only valid in
filter table, not mangle"

> -----Original Message-----
> From: netfilter-owner@vger.kernel.org [mailto:netfilter-
> owner@vger.kernel.org] On Behalf Of Ralf
> Sent: Monday, February 09, 2009 12:08 PM
> To: netfilter@vger.kernel.org
> Subject: Error when adding an entry to mangle/PREROUTING
> 
> The following command brings an error ("iptables: Invalid argument"):
> 
>    $IPTABLES -t mangle -A PREROUTING -p tcp --dport 9999 -j REJECT
> 
> What's wrong here?



* Re: Error when adding an entry to mangle/PREROUTING
  2009-02-09 20:38 ` Gilad Benjamini
@ 2009-02-10  9:59   ` Ralf
  0 siblings, 0 replies; 3+ messages in thread
From: Ralf @ 2009-02-10  9:59 UTC (permalink / raw)
  To: netfilter

Gilad Benjamini wrote:
> Quoting from man iptables: " This  target is only valid in the INPUT,
> FORWARD and OUTPUT chains"
> 
> Since the validation is done by the kernel module, you don't see the error
> message directly, but rather via syslog; e.g. in my case, in
> /var/log/messages you see " kernel: ip_tables: REJECT target: only valid in
> filter table, not mangle"

DROP works, but REJECT does not work.
Maybe it is a bug/oversight, because IMHO I don't see any reason
why REJECT shouldn't be allowed here.


>> -----Original Message-----
>> From: netfilter-owner@vger.kernel.org [mailto:netfilter-
>> owner@vger.kernel.org] On Behalf Of Ralf
>> Sent: Monday, February 09, 2009 12:08 PM
>> To: netfilter@vger.kernel.org
>> Subject: Error when adding an entry to mangle/PREROUTING
>>
>> The following command brings an error ("iptables: Invalid argument"):
>>
>>    $IPTABLES -t mangle -A PREROUTING -p tcp --dport 9999 -j REJECT
>>
>> What's wrong here?
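
The restriction quoted in the reply above (REJECT is accepted only in the filter table) can be checked before a ruleset is loaded. The following is an added example, not part of the original thread: `lint_reject` and `sample_rules` are hypothetical helpers, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): lint_reject is a hypothetical helper that
# reads rules on stdin, either iptables-save sections or "iptables ..." command
# lines, and reports every REJECT rule placed outside the filter table.
# It only inspects text; it never calls iptables.
lint_reject() {
    section=filter findings=0 lineno=0           # no -t / no section means filter
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        case $line in
            \#*|'') continue ;;                    # comments and blank lines
            \**) section=${line#\*}; continue ;;   # "*mangle" opens a table section
        esac
        table=$section chain='' target='' prev=''
        set -f                                   # split into words without globbing
        for word in $line; do
            case $prev in
                -t|--table) table=$word ;;
                -A|-I|--append|--insert) chain=$word ;;
                -j|--jump) target=$word ;;
            esac
            prev=$word
        done
        set +f
        if [ "$target" = REJECT ] && [ "$table" != filter ]; then
            echo "line $lineno: REJECT in table '$table' chain '$chain'"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]      # exit status 0 only when the ruleset is clean
}

# Constructed sample input mixing both formats.
sample_rules() {
    cat <<'EOF'
$IPTABLES -t mangle -A PREROUTING -p tcp --dport 9999 -j REJECT
$IPTABLES -A INPUT -p tcp --dport 9999 -j REJECT --reject-with tcp-reset
$IPTABLES -t mangle -A PREROUTING -p tcp --dport 9999 -j DROP
*nat
-A OUTPUT -p tcp --dport 9999 -j REJECT
COMMIT
*filter
-A FORWARD -p tcp --dport 9999 -j REJECT
COMMIT
EOF
}

sample_rules | lint_reject || echo "at least one rule would be refused by the kernel"
```

User-defined chains in the filter table are reported as clean; the check does not trace which built-in chains call them.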


