I'll give the problem first, specs second. When I try to issue the command: iptables -P input DENY I get the following error: iptables: Bad built-in chain name if I change it to: iptables -P INPUT DENY The error changes to: iptables: Bad policy name It seems that if I change DENY to DROP, it accepts the rule. It seems that the only TARGETS that I can apply are DROP and ACCEPT. I'm not sure exactly what is going wrong. Any help would be greatly appreciated. Specs: platform RH7.2 Iptables RPM installed: iptables-1.2.4-2 newly compiled 2.4.9-31 kernel configuration I used under "networking options" when I compiled the kernel: Packet socket: mmapped IO [y] Kernel/User netlink socket [y] Routing messages [y] Netlink device emulation [y] Network Packet filtering [y] Network packet filtering debugging [n] Socket filtering [y] Unix domain sockets [y] TCP/IP networking [y] TUX <m> External CGI module [y] extended TUX logging format [n] debug TUX [n] IP: multicastings [n] IP: advanced Router [y] IP: policy routing [y] IP: use netfilter MARK value as routing key [y] IP: fast network address translation [y] IP: equal cost mulitpath [y] IP: use TOS value as routing key [y] IP: verbose route monitoring [y] IP: large routing tables [y] IP: kernel level autoconfiguration [n] IP: tunneling <m> IP: GRE tunnels over IP <m> IP: arp daemon support [n] IP: TCP explicit congestion notification support [n] IP: TCP syncookie support [y] The IPv6 protocol [n] ATM [n] The IPX protocol [n] Appletalk protocol support [n] DECnet support [n] 802.1d Ethernet Bridging [n] CCITT X.25 Packet Layer [n] LAPB Data Link Driver [n] 802.2 LLC [n] Frame Diverter [n] Acorn Econet/AUN protocols [n] WAN router [n] Fast switching [n] Forwarding between high speed interfaces [n] *** Netfilter Configuration Sub-Menu options *** Connection tracking <m> FTP protocol support <m> IRC protocol support <m> Userspace queueing via NETLINK <m> IP tables support <m> limit match support <m> MAC address match support <m> netfilter MARK match support <m> Multiple port match support <m> TOS match support <m> tcpmss match support <m> Connection state match support <m> Unclean match support <m> Owner match support <m> Packet filtering <m> REJECT target support <m> MIRROR target support <m> Full NAT <m> MASQUERADE target support <m> REDIRECT target support <m> Packet mangling <m> TOS target support <m> MARK target support <m> LOG target support <m> TCPMSS target support <m> ipchains (2.2-style) support [n] ipfwadm (2.0-style) support [n] ***** IP: Virtual Server Configuration ******** virtual server support [n] ****** QoS and/or fair queueing ******* QoS and/or fair queueing [y] CBQ packet scheduler <m> CSZ packet scheduler <m> The simplest PRIO pseudoschedular <m> RED queue <m> SFQ queue <m> TEQL queue <m> TBF queue <m> GRED queue <m> Diffserv field marker <m> Ingress Qdisc <m> QoS support [y] Rate estimator [y] Packet classifier API [y] TC index classifier <m> Routing table based classifier <m> Firewall based classifier <m> U32 classifier <m> Special RSVP classifier <m> Special RSVP classifier <m> Traffic policing [n]