| View previous topic :: View next topic |
| Author |
Message |
mauricev
Apprentice
Joined: 22 Mar 2004
Posts: 203
|
 Posted: Wed Oct 11, 2017 5:31 pm Post subject: iptables: Protocol wrong type for socket |
 |
|
I'm getting this error on running certain commands with iptables
| Code: |
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j missingsynpackets
iptables -A INPUT -i eth0 -p tcp --sport 20 --dport 1024:65535 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
The kernel is 4.13.4-gentoo
iptables is 1.6.1-r1.
Loaded iptables-related modules are
| Code: |
nf_conntrack_ftp
xt_state
nf_conntrack
nf_log_ipv4
nf_log_common
xt_LOG
iptable_filter
ip_tables |
Is a module missing? |
|
| Back to top |
|
 |
mauricev
Apprentice
Joined: 22 Mar 2004
Posts: 203
|
| Posted: Wed Oct 11, 2017 8:09 pm Post subject: |
|
|
The error is caused by the fact that "state" is no longer a valid keyword. Now, for example, the line
| Code: | | iptables -A INPUT -p tcp ! --syn -m state --state NEW -j missingsynpackets |
should be replaced with
| Code: | | iptables -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j missingsynpackets |
|
|
| Back to top |
|
|
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3489
|
| Posted: Thu Oct 12, 2017 8:16 pm Post subject: |
|
|
| Interesting.... State has been an alias for contrack for ages. Actually I came to expect it would stay this way, because breaking compatibility for sake of changing the module name didn't seem beneficial. |
|
| Back to top |
|
|
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920
|
|
| Back to top |
|
|
|
Networking & Security
