[HLFL] Unknown arg `--reject-with'
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Apr 7 10:35:20 EDT 2006
I compiled HLFL rules on a RedHat RHEL machine and, when trying to run
the produced iptables script, I get:
+ /sbin/iptables --append ALL --source 0.0.0.0/0 --destination 0.0.0.0/0 --protocol tcp --jump LOG_REJECT --reject-with tcp-reset
iptables v1.2.11: Unknown arg `--reject-with'
Try `iptables -h' or 'iptables --help' for more information.
Apparently (see the man page of iptables), --reject-with can be used
only with plain REJECT:
% sudo /sbin/iptables --append ALL --source 1.2.3.4/0 --destination 0.0.0.0/0 --protocol tcp --jump LOG_REJECT --reject-with tcp-reset
iptables v1.2.11: Unknown arg `--reject-with'
Try `iptables -h' or 'iptables --help' for more information.
% sudo /sbin/iptables --append ALL --source 1.2.3.4/0 --destination 0.0.0.0/0 --protocol tcp --jump REJECT --reject-with tcp-reset
%
% sudo /sbin/iptables --append ALL --source 1.2.3.4/0 --destination 0.0.0.0/0 --protocol tcp --jump LOG_REJECT
So, hlfl seems wrong: it should add --reject-with only to the rules
which jump to REJECT, not to those that jump to LOG_REJECT.
Comment?
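The point of the post is that --reject-with is an option of the built-in REJECT target, so a rule whose target is a user-defined chain such as LOG_REJECT must not carry it; the reset (or ICMP error) has to be chosen inside that chain, on the rule that finally jumps to REJECT. The following generator is an added example, not hlfl's own code and not from the author of the post: it prints (rather than executes) the iptables commands for a logging-reject chain, putting --reject-with only on the REJECT rule. The chain names ALL and LOG_REJECT and the tcp-reset value come from the post; the /sbin/iptables path, the "REJECT: " log prefix and the icmp-port-unreachable choice for non-TCP traffic are assumptions.

```shell
#!/bin/sh
# Added example (not hlfl's code): emit iptables commands for a
# log-then-reject chain so that --reject-with appears only on the rule
# whose target is the built-in REJECT, never on a jump into a user chain.
# IPT is an assumed path; commands are printed, not run.
IPT=/sbin/iptables

# reject_rule CHAIN PROTO TARGET
# Emits one --append rule. --reject-with is added only when TARGET is
# REJECT: tcp-reset for TCP, the ICMP port-unreachable error otherwise.
reject_rule() {
    chain=$1; proto=$2; target=$3
    extra=""
    if [ "$target" = "REJECT" ]; then
        case "$proto" in
            tcp) extra=" --reject-with tcp-reset" ;;
            *)   extra=" --reject-with icmp-port-unreachable" ;;
        esac
    fi
    printf '%s --append %s --protocol %s --jump %s%s\n' \
        "$IPT" "$chain" "$proto" "$target" "$extra"
}

# log_reject_chain PROTO
# Emits the commands that build LOG_REJECT: create the chain, log the
# packet, then reject it. The reject policy lives here, in the chain.
log_reject_chain() {
    proto=$1
    printf '%s --new-chain LOG_REJECT\n' "$IPT"
    printf '%s --append LOG_REJECT --jump LOG --log-prefix "REJECT: "\n' "$IPT"
    reject_rule LOG_REJECT "$proto" REJECT
}

# all_chain_rule PROTO
# The rule the generated script got wrong: a jump into LOG_REJECT must
# not carry --reject-with, since that option belongs to the REJECT target.
all_chain_rule() {
    reject_rule ALL "$1" LOG_REJECT
}

# Usage: sh this_script.sh show
if [ "${1:-}" = "show" ]; then
    log_reject_chain tcp
    all_chain_rule tcp
fi
```

Run with the argument show to print the three commands that build LOG_REJECT followed by the ALL rule; feeding the printed lines to a shell on a host with iptables 1.2.x would then succeed where the original script failed, because the only rule carrying --reject-with is the one that jumps to REJECT.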