Hi, I am having trouble to add a rule as simple as iptables -A INPUT --protocol tcp --tcp-flags ALL SYN,ACK -j DROP I only get the error: iptables: No chain/target/match by that name This happens while I am playing with an embedded box (linksys NSLU). I realized before that some other rules did fail because some kernel modules where missing and I found out which and then installed them. But with this rule I have, after searching for a long time now, absolutely no idea which kernel module can be missing to give me the match tcp-flags. No howtos or tutorials nor google or the Kernel sources gives any hint on that. The only kernel module that seems to have something to do with tcp-flags at all is TCPMSS, but that doesn't look like helping with general analysis of tcp flags. Any ideas? Henning
