On Tue, Nov 26, 2002 at 08:53:46AM -0500, Joel Newkirk wrote: > > > > > > Does the ULOG target work in other uses, IE "iptables -A FORWARD -j ULOG" > > > ? > > > > Nope, it gives same error: > > > > $ iptables -A FORWARD -j ULOG -p tcp -m state --state NEW > > iptables v1.2.6a: You must specify `--state' > > > > with INPUT and OUTPUT, also same thing. I'm not doing anything special > > (like NAT, conntrack, ftp, ...), just plain INPUT filtering. > > Well, did you try the example I asked about? I suspect not, because the Oh, I thought that you were referring to other chains... > problem here seems to be that "-j ULOG" should be AFTER the state matching > part of the rule... If I enter the line you used, I get the same '--state' > error, but if I put the target after the match (or remove the match, as per > my debugging suggestion above) it does NOT. When using reversed order (first state, then ULOG) it works fine, thanks for resolving this. -- @
