SV: SV: --comment gives me iptables: No chain/target/match by that name.

[André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@xxxxxxxx>]

Hi again Brent ,

That was VERY short ...
However it seems like your ONE rule is already there , maybe it could be the reason for the message .

Could you try the following , in same order :

/sbin/iptables --line-numbers -nvL INPUT
/sbin/iptables -D INPUT 1
/sbin/iptables --line-numbers -nvL INPUT
/sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 13 -j DROP
/sbin/iptables --line-numbers -nvL INPUT


Best regards
André Paulsberg-Csibi
Senior Network Engineer 
IBM Services AS


Sensitivity: Internal

-----Opprinnelig melding-----
Fra: netfilter-owner@xxxxxxxxxxxxxxx <netfilter-owner@xxxxxxxxxxxxxxx> På vegne av Brent Clark
Sendt: mandag 2. juli 2018 12.09
Til: netfilter <netfilter@xxxxxxxxxxxxxxx>
Emne: Re: SV: --comment gives me iptables: No chain/target/match by that name.

Good day André

Thanks for replying. Please see below.

#  /sbin/iptables-save
# Generated by iptables-save v1.6.1 on Mon Jul  2 12:03:31 2018 *filter :INPUT ACCEPT [9:636] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [5:800] -A INPUT -p icmp -m icmp --icmp-type 13 -j DROP COMMIT # Completed on Mon Jul  2 12:03:31 2018

Regards
Brent


On 02/07/2018 11:47, André Paulsberg-Csibi (IBM Consultant) wrote:
> The error message seems to tell you have no chain defined under the 
> name INPUT , would it be possible to get a dump from iptables using "/sbin/iptables-save"
> 
> 
> Best regards
> André Paulsberg-Csibi
> Senior Network Engineer
> IBM Services AS
> 
> 
> Sensitivity: Internal
> 
> -----Opprinnelig melding-----
> Fra: netfilter-owner@xxxxxxxxxxxxxxx <netfilter-owner@xxxxxxxxxxxxxxx> 
> På vegne av Brent Clark
> Sendt: mandag 2. juli 2018 11.42
> Til: netfilter <netfilter@xxxxxxxxxxxxxxx>
> Emne: --comment gives me iptables: No chain/target/match by that name.
> 
> Good day Guys
> 
> Im sitting with a very weird problem, and Im hoping someone could be of assistance.
> 
> If I add comments to the end of my rules, I get 'iptables: No chain/target/match by that name.'
> 
> If I remove the comment(s), all is well.
> 
> Im running Debian Stretch (I too upgraded to iptables from backports).
> 
> 
> # /sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 13 -j DROP -m comment --comment  '900 drop ICMP timestamp requests'
> iptables: No chain/target/match by that name.
> 
> # /sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 13 -j DROP #
> 
> # iptables -n -L -v | grep DROP
> 0     0 DROP       icmp --  *      *       0.0.0.0/0
> 0.0.0.0/0            icmptype 13
> 
> I have googled and double checked the documentation, and from what I can see, Im not doing anything wrong.
> 
> If anyone can assist, it would greatly be appreciated.
> 
> Kind Regards
> 
> Brent Clark
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" 
> in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo 
> info at  
> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvger
> .kernel.org%2Fmajordomo-info.html&data=02%7C01%7CAndre.Paulsberg-Csibi
> %40evry.com%7C092775f1472847d3beec08d5e0001673%7C40cc2915e2834a2794716
> bdd7ca4c6e1%7C1%7C0%7C636661213333921085&sdata=5S5kFDMxYSpNVb8p4hVMHNJ
> LqDDvKLKPd5%2FULLVNFrI%3D&reserved=0
> 
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at  https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvger.kernel.org%2Fmajordomo-info.html&data=02%7C01%7CAndre.Paulsberg-Csibi%40evry.com%7Cd08aa60b662e43b78e4308d5e003d31e%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636661229385720529&sdata=VPuKHl%2BuJ443grV3cdWcKJbKvJFCaCW5nRNSSgS2Sik%3D&reserved=0
��.n��������+%������w��{.n����z��׫�)��jg��������ݢj����G�������j:+v���w�m������w�������h�����٥