Hello, I have found a bug in iptables when "-j ULOG" and "-m state" are used together, for example: $ iptables -A ssh -j ULOG -p tcp -m state --state NEW reports: iptables v1.2.6a: You must specify `--state' Try `iptables -h' or 'iptables --help' for more information. but using DROP works fine: $ iptables -A ssh -j DROP -p tcp -m state --state NEW (no error) $ iptables -L ssh target prot opt source destination ACCEPT tcp -- anywhere xxx.xxx.xxx.xxx state ESTABLISHED DROP tcp -- anywhere anywhere state NEW (first rule is not important...) Kernel is 2.4.19, iptables are v1.2.6a and system is Debian based (iptables are from .deb packet, and kernel is manually bulit from kernel-source-2.4.19). I haven't found anything about that in changelog for v1.2.7a, but maybe it has been already fixed. Anyone else with same problem? p.s. It could also be Debian specific problem, in that case I'll send bug report to them, but I would like to check with you first. TIA
