No chain/target/match by that name
Steve Turnbull
steve.turnbull at yhgfl.net
Sun Sep 5 17:55:42 CEST 2004
Jason Opperisano wrote:
> On Sun, 2004-09-05 at 10:31, Steve Turnbull wrote:
>
>>Hi
>>
>>Our web server is configured;
>>Debian (Woody) (No X installed)
>>Kernel 2.4.23 - configured with iptables in mind
>>iptables v1.2.6a
>>
>>When we start the firewall script, we get this message;
>>'No chain/target/match by that name'
>
>
> start your fw script with the following:
>
> bash -x <script>
>
> and it will show you the parsing of every line and you will be able to
> see which line causes the error.
>
> if i had to take a stab in the dark--i'd guess it's "-m state" rule;
> which would mean you built your kernel without connection tracking
> support--which would explain the other behavior as well...
>
> the connection tracking option is "CONFIG_IP_NF_CONNTRACK" in your
> kernel config. i *highly* recommend including it unless you have a very
> compelling reason not to.
>
> -j
>
Also, using bash -x did show that the script falls over at the '-m
state' rule...
Steve
--
Steve Turnbull
Digital Content Developer
YHGfL Foundation
t 01724 275030
e steve.turnbull at yhgfl.net
More information about the netfilter
mailing list