Linode Forum
Linode Community Forums
Posted: Fri Apr 09, 2004 2:47 pm
Senior Newbie

Joined: Thu Feb 19, 2004 10:06 am
Posts: 14
Website: http://www.doc2pdf.net
Location: Iceland
When I run my firewall BASH script, this error comes up: Unknown arg --destination-port

Then I replaced every --destination-port with -dport, and then it complains about: Bad Argument '22' (22 being the SSH port).

This works perfectly at home on my Knoppix Debian box.

Any ideas?

_________________
Visit http://www.doc2pdf.net for a free, no-need-to-register .doc to .pdf converter.


Posted: Fri Apr 09, 2004 3:44 pm
Linode Staff

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
I'll venture to guess iptables versions are different??

What's the full line that you're trying to execute?

From the Debian iptables man page:

Code:
MATCH EXTENSIONS
       tcp
              These extensions are loaded if `--protocol tcp' is specified. It
              provides the following options:
(snip)
              --destination-port [!] port[:port]
                     Destination port or port range specification.  The flag --dport
                     is a convenient alias for this option.


-Chris


Posted: Fri Apr 09, 2004 4:47 pm
Senior Newbie

Joined: Thu Feb 19, 2004 10:06 am
Posts: 14
Website: http://www.doc2pdf.net
Location: Iceland
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --destination-port ssh -j LOG --log-level 1 --log-prefix STRING -m limit
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --destination-port ssh -j ACCEPT


The other line is just the same, but with -dport instead of --destination-port and 22 instead of ssh.

The version on both Debians (the Knoppix and stable) is 1.2.9.

Hope this clarifies...

_________________
Visit http://www.doc2pdf.net for a free, no-need-to-register .doc to .pdf converter.


Posted: Fri Apr 09, 2004 5:14 pm
Linode Staff

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
Code:
li-20:~# cat /etc/debian_version 
3.0
li-20:~# uname -a
Linux li-20.members.linode.com 2.4.25-linode24-1um #2 Sun Mar 28 15:14:01 EST 2004 i686 unknown
li-20:~# apt-get install iptables
Reading Package Lists... Done
Building Dependency Tree... Done
Sorry, iptables is already the newest version.
li-20:~# iptables -V
iptables v1.2.6a
li-20:~# iptables -A INPUT -s 192.168.1.0 -p tcp --destination-port ssh -j LOG --log-level 1 --log-prefix STRING -m limit
li-20:~# iptables -A INPUT -s 192.168.1.0 -p tcp --destination-port ssh -j ACCEPT
li-20:~#


Seems to have worked for me... ?

Maybe some funky-ness in your script?

-Chris


Post subject: Ok, fixed
Posted: Fri Apr 09, 2004 6:19 pm
Senior Newbie

Joined: Thu Feb 19, 2004 10:06 am
Posts: 14
Website: http://www.doc2pdf.net
Location: Iceland
I executed my script line by line, and the last line was causing problems!

Thanks for the help. Happy holidays. :)

_________________
Visit http://www.doc2pdf.net for a free, no-need-to-register .doc to .pdf converter.
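
Added example (not part of the original thread or any poster's script): a small lint that reports, by line number, long iptables options written with a single dash. getopt reads `-dport 22` as `-d port` followed by a stray `22`, which matches the `Bad Argument '22'` message in the first post. The option list, the function name and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example: find long iptables options written with one dash.
# "-dport 22" is parsed as "-d port" plus a leftover argument "22".

# Long option names to check. dport and destination-port come from the
# thread; the rest are standard tcp match / LOG target options.
LONG_OPTS="dport sport destination-port source-port log-level log-prefix"

# lint_fw_script FILE
# Prints "LINE: -opt should be --opt" per hit; returns 1 if any were found.
lint_fw_script() {
    awk -v opts="$LONG_OPTS" '
        BEGIN {
            n = split(opts, o, " ")
            for (i = 1; i <= n; i++) known[o[i]] = 1
        }
        /^[[:space:]]*#/ { next }              # skip comment lines
        /iptables/ {
            for (i = 1; i <= NF; i++) {
                tok = $i
                # single leading dash only: "-x..." but not "--x..."
                if (substr(tok, 1, 1) == "-" && substr(tok, 2, 1) != "-") {
                    name = substr(tok, 2)
                    if (name in known) {
                        printf "%d: %s should be -%s\n", NR, tok, tok
                        bad = 1
                    }
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample firewall script (192.0.2.10 is a documentation address).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# allow SSH from the admin host
iptables -A INPUT -s 192.0.2.10 -p tcp --destination-port ssh -j ACCEPT
iptables -A INPUT -s 192.0.2.10 -p tcp -dport 22 -j ACCEPT
EOF
lint_fw_script "$sample" || echo "fix the lines above before loading the rules"
rm -f "$sample"
```
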


Posted: Fri Apr 09, 2004 10:07 pm
Junior Member

Joined: Tue Nov 18, 2003 2:02 am
Posts: 30
One little note: if you want to use -m owner with Debian stable, you'll need to compile iptables against a new kernel source. Somewhere around 2.4.20, they added another member to a struct that iptables uses, breaking old iptables binaries.

It's pretty simple, IIRC. I just downloaded the latest kernel from kernel.org, unpacked it, downloaded the latest iptables, and told the iptables build process where the kernel source was. If you do this, install in /usr/local instead of /usr so you don't overwrite Debian's iptables. Otherwise, if Debian releases a new iptables version that's still older than your hand-compiled one, the update will overwrite yours and break your firewall scripts.

