Hi, I am having trouble to add a rule as simple as iptables -A INPUT --protocol tcp --tcp-flags ALL SYN,ACK -j DROP I only get the error: iptables: No chain/target/match by that name I am experimenting with an embedded box (linksys NSLU) and I realized before that some other rules did fail because some kernel modules where missing and I found out which and then installed them. But with this rule I have, after searching for a long time now, absolutely no idea which kernel module can be missing to give me the match tcp-flags. None of the howtos or tutorials nor google gives any hint on that. The only kernel module that seems to have something to do with tcp-flags at all I found by searching in the kernel source is TCPMSS, but that doesn't look like helping with general analysis of tcp flags. Any ideas? Henning
