Serguei Bezverkhi (sbezverk) <sbezverk@xxxxxxxxx> wrote:
> Hello Florian,
>
> Thank you very much for your reply. Once I changed to Input chain type, the rule worked. It seems iptables DOES allow the same rule configuration, see below:
>
> -A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
> -A KUBE-SERVICES -d 57.131.151.19/32 -p tcp -m comment --comment "default/portal:portal has no endpoints" -m tcp --dport 8989 -j REJECT --reject-with icmp-port-unreachable

No idea how this could work:

iptables -t nat -A PREROUTING -j REJECT
iptables: Invalid argument. Run `dmesg' for more information.
dmesg | tail -1
x_tables: ip_tables: REJECT target: only valid in filter

That check has been there since the beginning of git history.
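
Added example (not part of the thread and not code from the netfilter project): a small Python linter that walks a ruleset in iptables-save format and reports rules that jump to REJECT outside the filter table, the condition the kernel message above refuses. The ruleset, the address 192.0.2.10 and the function name are constructed for illustration.

```python
import shlex

# Constructed ruleset in iptables-save format (not from the thread).
# Chain names are scoped per table: KUBE-SERVICES exists in nat and in filter.
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
-A PREROUTING -m comment --comment "portals, not a -j REJECT" -j KUBE-SERVICES
-A KUBE-SERVICES -d 192.0.2.10/32 -p tcp -m tcp --dport 8989 -j REJECT --reject-with icmp-port-unreachable
COMMIT
*filter
:INPUT ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
-A INPUT -j KUBE-SERVICES
-A KUBE-SERVICES -d 192.0.2.10/32 -p tcp -m tcp --dport 8989 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""


def misplaced_rejects(dump):
    """Return (line_no, table, chain) for every REJECT jump outside the filter table."""
    table = None
    findings = []
    for line_no, raw in enumerate(dump.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("*"):          # "*nat", "*filter": start of a table section
            table = line[1:]
        elif line == "COMMIT":            # end of the current table section
            table = None
        elif table and line.startswith(("-A ", "-I ")):
            # shlex keeps a quoted --comment as one token, so "-j REJECT"
            # inside a comment string is not mistaken for the rule's target.
            tokens = shlex.split(line)
            target = None
            for flag, value in zip(tokens, tokens[1:]):
                if flag in ("-j", "--jump"):
                    target = value
            if target == "REJECT" and table != "filter":
                findings.append((line_no, table, tokens[1]))
    return findings


if __name__ == "__main__":
    for line_no, table, chain in misplaced_rejects(SAMPLE_DUMP):
        print(f"line {line_no}: REJECT in table {table!r}, chain {chain}: only valid in filter")
```

Because the table comes from the enclosing `*table` section, two rules with the same chain name are judged separately, which is why the identical KUBE-SERVICES rule is flagged under nat and accepted under filter.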