Re: missing module for tcp-flags match?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Henning Sprang wrote:

When tyring to set up the rule:

iptables -A INPUT --protocol tcp --tcp-flags ALL SYN,ACK -j DROP



I just tried this with iptables 1.3.5, linux-2.6.16-xen:

iptables -A INPUT -p tcp -m tcp \
         --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN,ACK -j DROP

and it works.


I only get the error:

iptables: No chain/target/match by that name
Not sure this is relevant but while attempting to add ipset support I got the same error message. It turned out that my kernel and modules were out of sync. 

Hope that helps, :m)
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux