Gilad Benjamini wrote:
Quoting from man iptables: "This target is only valid in the INPUT, FORWARD and OUTPUT chains"

Since the validation is done by the kernel module, you don't see the error message directly, but rather via syslog; e.g. in my case, in /var/log/messages you see "kernel: ip_tables: REJECT target: only valid in filter table, not mangle"

DROP works, but REJECT does not work. Maybe it is a bug/oversight, because IMHO I don't see any reason why REJECT shouldn't be allowed here.

-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Ralf
Sent: Monday, February 09, 2009 12:08 PM
To: netfilter@xxxxxxxxxxxxxxx
Subject: Error when adding an entry to mangle/PREROUTING

The following command brings an error ("iptables: Invalid argument"):

$IPTABLES -t mangle -A PREROUTING -p tcp --dport 9999 -j REJECT

What's wrong here?
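
An added example, not part of the original thread or of iptables: a pre-flight check, written as a hypothetical shell helper `check_reject_rule`, that applies the restriction discussed above to a rule's arguments so the reason is visible without digging through syslog. The two sample rules at the end are constructed; the second assumes the traffic is destined for the local host.

```shell
#!/bin/sh
# check_reject_rule is a hypothetical helper (not an iptables feature).
# It takes the same arguments you would pass to iptables and reports the
# REJECT-outside-filter mistake instead of the bare "Invalid argument".
check_reject_rule() {
    crr_table=filter          # iptables uses the filter table when -t is absent
    crr_target=
    while [ $# -gt 0 ]; do
        case $1 in
            -t|--table) crr_table=${2-};  [ $# -gt 1 ] && shift ;;
            -j|--jump)  crr_target=${2-}; [ $# -gt 1 ] && shift ;;
        esac
        shift
    done

    # Only REJECT is restricted here; DROP and other targets pass through.
    [ "$crr_target" = REJECT ] || return 0

    if [ "$crr_table" != filter ]; then
        # Same wording as the kernel log line quoted in the thread.
        echo "REJECT target: only valid in filter table, not $crr_table" >&2
        return 1
    fi
    return 0
}

# Constructed sample 1: the rule from the thread, refused before reaching the kernel.
check_reject_rule -t mangle -A PREROUTING -p tcp --dport 9999 -j REJECT \
    || echo "rule 1 would fail with: iptables: Invalid argument"

# Constructed sample 2: the same match placed in filter/INPUT, where REJECT is valid.
check_reject_rule -A INPUT -p tcp --dport 9999 -j REJECT \
    && echo "rule 2 passes the check"
```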