Hi,

When you are using implicit matching syntax such as "--dport" or "--sport", then you have to specify the specific protocol. There are currently three types of implicit matches for three different protocols. These are TCP matches, UDP matches and ICMP matches. The TCP based matches contain a set of unique criteria that are available only for TCP packets. UDP based matches contain another set of criteria that are available only for UDP packets. And the same thing for ICMP packets. Hence you have to use the option "-p tcp" or "-p udp" when you want to use it with the "--dport" option.

Hope that explains your doubt.

Regards
Iyer Anantharaman

On Thu, 14 Aug 2003 12:16:10 +0530, Payal Rathod wrote
> Hi,
> Why does this give an error,
>
> # iptables -A INPUT -p all -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> iptables v1.2.7a: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
>
> and this,
>
> # iptables -A INPUT -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
> iptables v1.2.7a: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
>
> But this works,
>
> # iptables -A INPUT -p tcp -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
>
> Why does it not work without -p and even with -p tcp?
>
> With warm regards,
> -Payal
>
> --
> "Visit GNU/Linux Success Stories"
> http://payal.staticky.com
> Guest-Book Section Updated.

--
Open WebMail Project (http://openwebmail.org)
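
The rule explained in the reply above can be checked before a ruleset is loaded. The following is an added example, not part of the original thread: `check_rule` and `PORT_PROTOS` are hypothetical names, and the protocol list is limited to the two the reply names.

```shell
#!/bin/sh
# Added example: flag iptables rules that use a port match without first
# selecting a protocol that provides it.
# Assumption: only tcp and udp are accepted, as stated in the reply above;
# extend PORT_PROTOS if your iptables build offers port matches elsewhere.
PORT_PROTOS="tcp udp"

# check_rule RULE
# Returns 0 if every port option is preceded by -p tcp or -p udp,
# otherwise prints the reason and returns 1. Runs in a subshell so that
# disabling globbing (set -f) does not leak into the caller.
check_rule() (
    set -f
    proto=""
    expect_proto=0
    # iptables reads options left to right, so the protocol must already
    # be known when the port option is reached.
    for tok in $1; do
        if [ "$expect_proto" -eq 1 ]; then
            proto=$tok
            expect_proto=0
            continue
        fi
        case $tok in
            -p|--protocol)
                expect_proto=1 ;;
            --dport|--sport|--destination-port|--source-port)
                case " $PORT_PROTOS " in
                    *" ${proto:-none} "*) ;;
                    *) echo "'$tok' needs -p tcp or -p udp before it (protocol: ${proto:-none})"
                       return 1 ;;
                esac ;;
        esac
    done
    return 0
)

# The three rules from the question above, fed to the check.
while IFS= read -r rule; do
    if msg=$(check_rule "$rule"); then echo "ok:   $rule"
    else echo "FAIL: $rule -> $msg"; fi
done <<'EOF'
-A INPUT -p all -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
-A INPUT -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 192.168.0.10 --dport 21 -j ACCEPT
EOF
```

The first two rules are reported as failures and the third passes, matching the behaviour shown in the question.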