I don't think anything is going wrong. They changed the DENY keyword in ipchains to DROP. Same meaning just different word. I also believe that the built-in chains are case sensitive. (ie. must be all caps). Chris On Tue, Mar 19, 2002 at 01:02:38PM -0800, destr0 wrote: > I'll give the problem first, specs second. > > When I try to issue the command: > iptables -P input DENY > > I get the following error: > iptables: Bad built-in chain name > > if I change it to: > iptables -P INPUT DENY > > The error changes to: > iptables: Bad policy name > > It seems that if I change DENY to DROP, it accepts the rule. It seems that > the only TARGETS that I can apply are DROP and ACCEPT. I'm not sure exactly > what is going wrong. > > Any help would be greatly appreciated. > > Specs: > platform RH7.2 > Iptables RPM installed: iptables-1.2.4-2 > newly compiled 2.4.9-31 kernel > configuration I used under "networking options" when I compiled the kernel: > > Packet socket: mmapped IO [y] > Kernel/User netlink socket [y] > Routing messages [y] > Netlink device emulation [y] > Network Packet filtering [y] > Network packet filtering debugging [n] > Socket filtering [y] > Unix domain sockets [y] > TCP/IP networking [y] > TUX <m> > External CGI module [y] > extended TUX logging format [n] > debug TUX [n] > IP: multicastings [n] > IP: advanced Router [y] > IP: policy routing [y] > IP: use netfilter MARK value as routing key [y] > IP: fast network address translation [y] > IP: equal cost mulitpath [y] > IP: use TOS value as routing key [y] > IP: verbose route monitoring [y] > IP: large routing tables [y] > IP: kernel level autoconfiguration [n] > IP: tunneling <m> > IP: GRE tunnels over IP <m> > IP: arp daemon support [n] > IP: TCP explicit congestion notification support [n] > IP: TCP syncookie support [y] > The IPv6 protocol [n] > ATM [n] > The IPX protocol [n] > Appletalk protocol support [n] > DECnet support [n] > 802.1d Ethernet Bridging [n] > CCITT X.25 Packet Layer [n] > LAPB Data Link Driver [n] > 802.2 LLC [n] > Frame Diverter [n] > Acorn Econet/AUN protocols [n] > WAN router [n] > Fast switching [n] > Forwarding between high speed interfaces [n] > > *** Netfilter Configuration Sub-Menu options *** > Connection tracking <m> > FTP protocol support <m> > IRC protocol support <m> > Userspace queueing via NETLINK <m> > IP tables support <m> > limit match support <m> > MAC address match support <m> > netfilter MARK match support <m> > Multiple port match support <m> > TOS match support <m> > tcpmss match support <m> > Connection state match support <m> > Unclean match support <m> > Owner match support <m> > Packet filtering <m> > REJECT target support <m> > MIRROR target support <m> > Full NAT <m> > MASQUERADE target support <m> > REDIRECT target support <m> > Packet mangling <m> > TOS target support <m> > MARK target support <m> > LOG target support <m> > TCPMSS target support <m> > ipchains (2.2-style) support [n] > ipfwadm (2.0-style) support [n] > > ***** IP: Virtual Server Configuration ******** > virtual server support [n] > > ****** QoS and/or fair queueing ******* > QoS and/or fair queueing [y] > CBQ packet scheduler <m> > CSZ packet scheduler <m> > The simplest PRIO pseudoschedular <m> > RED queue <m> > SFQ queue <m> > TEQL queue <m> > TBF queue <m> > GRED queue <m> > Diffserv field marker <m> > Ingress Qdisc <m> > QoS support [y] > Rate estimator [y] > Packet classifier API [y] > TC index classifier <m> > Routing table based classifier <m> > Firewall based classifier <m> > U32 classifier <m> > Special RSVP classifier <m> > Special RSVP classifier <m> > Traffic policing [n] > > > > _______________________________________________ > Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota > http://www.mn-linux.org > tclug-list at mn-linux.org > https://mailman.mn-linux.org/mailman/listinfo/tclug-list