
iptables question: no chain/target/match by that name...



Hi World!

The lokkit question yesterday by Faheem Mitha prompted me to install lokkit on Sarge.

As Dircha pointed out: it don't work.

All lokkit does is create a little iptables script that sits in /etc/default/lokkit.

Then upon boot lokkit in /etc/init.d executes that script.

As Dircha also said: you have to dig into iptables. (1) which kernel options do you need?

I figured out that you need <network packet filtering>, <netfilter, iptables support> and <netfilter packet filtering>. I am not sure you need the last one.

(2) Now execution of that script gets:

Starting basic firewall rules: + PATH=/sbin:/sbin:/bin:/usr/sbin:/usr/bin
+ iptables -N RH-Lokkit-0-50-INPUT
+ iptables -F RH-Lokkit-0-50-INPUT
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
+ iptables -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
iptables: No chain/target/match by that name
failed.

Now I know nothing of iptables, but why can he do destination port 80 and not 0:1023? If you delete the --dport 80 rule and put 0:1023 in its place, he says the same thing.

Where do you find this info?


Thanks!

Hugo
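An added example, not part of Hugo's post or of lokkit: a small POSIX shell script that reads the `set -x` trace quoted above (copied into the script as constructed input) and groups the rules by the target named after `-j`. It shows that every failing rule uses REJECT while the ACCEPT rules load fine; REJECT is a separate kernel option from the basic netfilter filtering code (the ipt_REJECT module, "REJECT target support" under Netfilter in the kernel config), so that is the option to check next.

```shell
#!/bin/sh
# Added example, not from the original post: read a `set -x` trace of an
# iptables script and report, per rule, whether its target loaded.
# The trace is constructed from the output quoted in the post above.
TRACE='+ iptables -N RH-Lokkit-0-50-INPUT
+ iptables -F RH-Lokkit-0-50-INPUT
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
+ iptables -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
iptables: No chain/target/match by that name'

# Emit "<target> <outcome>" for each -A rule. A rule is FAILED when the very
# next trace line is the "No chain/target/match" error, otherwise ok.
classify_rules() {
    printf '%s\n' "$1" | awk '
        /^\+ iptables -A / {
            if (pending) print tgt, "ok"
            pending = 1; tgt = "?"
            for (i = 1; i <= NF; i++) if ($i == "-j") tgt = $(i + 1)
            next
        }
        /^iptables: No chain\/target\/match/ {
            if (pending) print tgt, "FAILED"
            pending = 0
            next
        }
        END { if (pending) print tgt, "ok" }'
}

# Distinct targets that failed / succeeded, sorted, one per line.
failed_targets() { classify_rules "$1" | awk '$2 == "FAILED" { print $1 }' | sort -u; }
ok_targets()     { classify_rules "$1" | awk '$2 == "ok"     { print $1 }' | sort -u; }

# Run stand-alone: show the per-rule table and the targets that never loaded.
classify_rules "$TRACE"
echo "targets that failed to load: $(failed_targets "$TRACE" | tr '\n' ' ')"
```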


