Sun Feb 05, 2017 1:06 am
Hi folks,
Please bear with me, as I'm a bit rusty with this Linux stuff (well, very rusty for the last 15 years - last used 2.2.39).
I'm trying to use iptables, but I can't get it to not track some traffic (using the NOTRACK or CT --notrack targets).
I'm using a recent version of iptables-persistent (1.4.21), so this should work, but I keep getting this response:
"iptables: No chain/target/match by that name."
So ... is it me, or is there something not quite right in the kernel's netfilter?
What's wrong with this rule?
iptables -t raw -A PREROUTING -p udp -m udp --dport 53 -j NOTRACK
(or iptables -t raw -A PREROUTING -p udp -m udp --dport 53 -j CT --notrack)
Both give "iptables: No chain/target/match by that name."
How ancient is this kernel -- I thought NOTRACK was included from 2.6.something ?!?
[ ... and yes, I had noticed that this kernel's netfilter doesn't have multiport support, according to /boot/config :]
best regards from a puzzled
Lawrence
Please bear with me, as I'm a bit rusty with this Linux stuff (well, very rusty for the last 15 years - last used 2.2.39).
I'm trying to use iptables, but I can't get it to not track some traffic (using the NOTRACK or CT --notrack targets).
I'm using a recent version of iptables-persistent (1.4.21), so this should work, but I keep getting this response:
"iptables: No chain/target/match by that name."
So ... is it me, or is there something not quite right in the kernel's netfilter?
What's wrong with this rule?
iptables -t raw -A PREROUTING -p udp -m udp --dport 53 -j NOTRACK
(or iptables -t raw -A PREROUTING -p udp -m udp --dport 53 -j CT --notrack)
Both give "iptables: No chain/target/match by that name."
How ancient is this kernel -- I thought NOTRACK was included from 2.6.something ?!?
[ ... and yes, I had noticed that this kernel's netfilter doesn't have multiport support, according to /boot/config :]
best regards from a puzzled
Lawrence