In my system the same command does not show me any errors. My modules is slightly different: [root@davila ~]# lsmod Module Size Used by ipt_TOS 2497 2 ipt_length 1857 2 ipt_MARK 2497 2 ipt_limit 2625 8 ipt_LOG 6977 8 ipt_REJECT 5953 1 ipt_state 1985 19 iptable_filter 3137 1 iptable_nat 7749 0 ip_nat 18925 1 iptable_nat ip_conntrack 52717 3 ipt_state,iptable_nat,ip_nat nfnetlink 6617 2 ip_nat,ip_conntrack iptable_mangle 3009 1 ip_tables 20033 10 ipt_TOS,ipt_length,ipt_MARK,ipt_limit,ipt_LOG,ipt_REJECT,ipt_state,iptable_filter,iptable_nat,iptable_mangle my kernel is 2.6.15-1.1830_FC4 and my iptables version is iptables v1.3.4 Particularly, I don't see the nfnetlink in your kernel but I don't know for sure if it's the problem. Hope this help. Jorge. El mié, 01-03-2006 a las 12:14 -0500, Sun Susan-SSUN2 escribió: > Dear Sir: > > I'm new to network security and this is my first time to use iptables, > when I run a firewall script, I got the following error: > > + /sbin/iptables -A INPUT -m limit --limit 3/minute --limit-burst 3 -j > LOG --log-level DEBUG --log-prefix 'IPT INPUT packet died: ' > iptables: Invalid argument > > I also tried -m owner option, it give me same error: "iptables: Invalid > argument". > > But I don't get error for -m state. I can use iptables -L to see other > rules except the error commands. > > I have the follow modules listed when I run lsmod: > ipt_owner 3976 0 > ipt_MASQUERADE 4960 1 > ipt_REJECT 8520 1 > ipt_state 2688 4 > ipt_limit 3488 0 > ipt_LOG 8288 0 > iptable_nat 35162 2 ipt_MASQUERADE > iptable_mangle 5248 0 > ip_conntrack 62332 3 ipt_MASQUERADE,ipt_state,iptable_nat > iptable_filter 4888 1 > ip_tables 25088 9 > ipt_owner,ipt_MASQUERADE,ipt_REJECT,ipt_state,ipt_limit,ipt_LOG,iptable_ > nat,iptable_mangle,iptable_filter > > Can anyone help me how to solve the error? > > Thanks in advance, > Susan > -- Jorge Isaac Davila Lopez Nicaragua Open Source +505 808 2478 davila@xxxxxxxxxxxxxxxxxxxxxxx
