Hi World!
The lokkit question yesterday by Faheem Mitha prompted me to install
lokkit on Sarge.
As Dircha pointed out: it don't work.
All lokkit does is create a little iptables script that sits in
/etc/default/lokkit.
Then upon boot lokkit in /etc/init.d executes that script.
As Dircha also said: you have to dig into iptables. (1) which kernel
options do you need?
I figured out that you need <network packet filtering>, <netfilter,
iptables support> and <netfilter packet filtering>. I am not sure you
need the last one.
(2) Now execution of that script gets:
Starting basic firewall rules: + PATH=/sbin:/sbin:/bin:/usr/sbin:/usr/bin
+ iptables -N RH-Lokkit-0-50-INPUT
+ iptables -F RH-Lokkit-0-50-INPUT
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
+ iptables -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
iptables: No chain/target/match by that name
failed.
Now I know nothing of iptables, but why can he do destination port 80
and not 0:1023? If you delete the --dport 80 rule and put 0:1023 in its
place, he says the same thing.
Where do you find this info?
Thanks!
Hugo
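
Added example, not part of Hugo's message: a small script that tallies the trace above by rule target, which shows that every failing rule uses -j REJECT while both -j ACCEPT rules load, so the port range is not what differs. REJECT is a separate netfilter target enabled by the kernel option CONFIG_IP_NF_TARGET_REJECT (module ipt_REJECT). The function names and the config file path are assumptions of this example.

```shell
#!/bin/sh
# Added example: tally a `set -x` iptables trace by rule target (-j).

# Constructed input: the trace from the message, wrapped lines rejoined.
sample_trace() {
cat <<'EOF'
+ iptables -N RH-Lokkit-0-50-INPUT
+ iptables -F RH-Lokkit-0-50-INPUT
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
+ iptables -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
iptables: No chain/target/match by that name
+ iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
iptables: No chain/target/match by that name
EOF
}

# Read a trace on stdin; print "<target> ok=<n> failed=<n>" per target.
summarize_targets() {
    awk '
        function flush() { if (pending) ok[tgt]++; pending = 0 }
        /^\+ iptables / {
            flush(); tgt = ""
            for (i = 1; i < NF; i++) if ($i == "-j") tgt = $(i + 1)
            if (tgt != "") { seen[tgt] = 1; pending = 1 }
            next
        }
        /^iptables: / {
            if (pending) bad[tgt]++
            pending = 0
        }
        END { flush(); for (t in seen) printf "%s ok=%d failed=%d\n", t, ok[t], bad[t] }
    ' | sort
}

# True if a kernel config file (assumed: /boot/config-$(uname -r)) enables REJECT.
reject_in_config() {
    grep -Eq '^CONFIG_IP_NF_TARGET_REJECT=[ym]' "$1"
}

sample_trace | summarize_targets
```

On the affected machine, reject_in_config /boot/config-$(uname -r) tests the running kernel's configuration, provided the config file is installed at that path.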