On 2009-02-16 14:14, Sylvester Lykkehus wrote:
Hi list,
I'm unable to get iptables to accept the -m state argument: iptables -I INPUT -p tcp --dport 21 -m state --state NEW -m recent --set --name FTPD iptables: Invalid argument
If i ommit "-m state --state NEW" in the above command, it succeeds.
Simple test which also fails: iptables -I INPUT -p tcp --dport 23 -m state --state NEW -j DROP iptables: Invalid argument
The state module does seem to get loaded, as 'iptables -m state --state asdf' returns: iptables v1.4.0: Bad state `asdf'
Also -m conntrack --ctstate fails.
openSUSE 11.0 (i586) kernel-default-2.6.25.20-0.1 iptables-1.4.0-40.1
lsmod | grep -e ipt -e xt -e nf xt_state 6656 0 nf_conntrack 66900 1 xt_state xt_tcpudp 7296 0 iptable_filter 7552 0 ip_tables 17936 1 iptable_filter x_tables 21380 4 xt_state,xt_tcpudp,ip_tables,ip6_tables
Strace is here: http://solidonline.dk/iptables.strace.txt
Best regards Sylvester Lykkehus
I forgot to check dmesg which said "can't load conntrack support for proto=2". Google led to 'modprobe nf_conntrack_ipv4' which solved my problem. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org