parado n00b
Joined: 20 Apr 2013 Posts: 2
Posted: Sat Apr 20, 2013 10:27 am Post subject: iptables issue
Hello guys,
I am trying to set up my firewall and have a little problem with it:
Quote: | iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables: No chain/target/match by that name.
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables: No chain/target/match by that name.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables: No chain/target/match by that name.
iptables -A INPUT -i eth0 -p tcp --dport 80 -j LOG --log-prefix "Apache Access" --log-level 6 -m limit --limit 25/m
iptables: No chain/target/match by that name. |
I am running a kernel built by myself.
I thought this was the problem, so I built a fresh bzImage where ALL netfilter options are checked, but the problem is still the same.
Does anyone have an idea what the problem could be?
Schnulli Guru
Joined: 25 Jun 2010 Posts: 320 Location: Bremen DE
Posted: Sat Apr 20, 2013 11:57 am Post subject: Re: iptables issue
parado wrote: | Hello guys,
I am trying to set up my firewall and have a little problem with it:
Quote: | iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables: No chain/target/match by that name.
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables: No chain/target/match by that name.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables: No chain/target/match by that name.
iptables -A INPUT -i eth0 -p tcp --dport 80 -j LOG --log-prefix "Apache Access" --log-level 6 -m limit --limit 25/m
iptables: No chain/target/match by that name. |
I am running a kernel built by myself.
I thought this was the problem, so I built a fresh bzImage where ALL netfilter options are checked, but the problem is still the same.
Does anyone have an idea what the problem could be? |
A missing chain, maybe?
Let me ask, are you writing the rules yourself? What kind of firewall do you need?
How did you plan to load them? By autostarting iptables? Or a script? I would load it by a script so you can leave a few more lines of useful instructions.
I am using, for some reasons, webmin... > networking > linux-firewall (quick, but in this case not dirty).
Here you have an easy way to set up a very simple firewall and, if you like some rules, this module also reads them and reports mistakes.... Or you use some GUI firewall interfaces, up to you.
Seems to me you need to read a little about iptables "mangle".
Regards
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
Posted: Sat Apr 20, 2013 12:33 pm Post subject:
parado ...
by the looks of things you're missing CONFIG_NETFILTER_XT_MATCH_LIMIT and possibly CONFIG_NETFILTER_XT_TARGET_LOG.
best ... khay
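
One way to run the check the reply above points at, as an added example that is not part of the thread: it derives a kernel config symbol for each -m match and -j target in a ruleset and lists the ones a kernel config file does not set to y or m. The symbol naming is a heuristic that fits the two options named above, the function names are hypothetical, and the rules and config fragment are constructed samples.

```sh
#!/bin/sh
# Added example, not from the thread. Assumption: extension names map to
# CONFIG_NETFILTER_XT_MATCH_<NAME> / CONFIG_NETFILTER_XT_TARGET_<NAME>, which
# fits limit and LOG; some targets use other symbols, and a jump to a
# user-defined chain would be misread as a target.

# Read rules on stdin, print the config symbol for each -m match and -j target.
required_symbols() {
    awk '{
        for (i = 1; i < NF; i++) {
            if ($i == "-m")
                print "CONFIG_NETFILTER_XT_MATCH_" toupper($(i + 1))
            else if ($i == "-j" && $(i + 1) !~ /^(ACCEPT|DROP|RETURN)$/)
                print "CONFIG_NETFILTER_XT_TARGET_" toupper($(i + 1))
        }
    }' | sort -u
}

# $1 = kernel config file, rules on stdin. Print symbols not set to y or m.
missing_symbols() {
    required_symbols | while read -r sym; do
        grep -Eq "^${sym}=[ym]\$" "$1" || echo "$sym"
    done
}

# Constructed sample input: two rules from the thread and a config fragment
# in which the limit match is disabled and the LOG target is a module.
sample_rules() {
    cat <<'EOF'
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j LOG --log-prefix "Apache Access" --log-level 6 -m limit --limit 25/m
EOF
}
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=y
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
CONFIG_NETFILTER_XT_TARGET_LOG=m
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
sample_rules | missing_symbols "$cfg"
rm -f "$cfg"
```

Point it at the config of the kernel that is actually booted, for example a decompressed copy of /proc/config.gz, which exists only when CONFIG_IKCONFIG_PROC is enabled. A symbol set to m also needs its module installed for the running kernel.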