iptables Nessun target catena di corrispondenza per nome

Ciao a tutti nel mio server Ubuntu voglio bloccare la port ftp per tutti ma io quando lancio il command:

iptables -A INPUT -p tcp --destination-port 21 -j DROP 

Restituisci questo errore: iptables: Nessuna catena / target / corrispondenza con quel nome

  • Memcached Lagging
  • Come utilizzare fail2ban per analizzare il registro di accesso Nginx per contare gli indirizzi 404 e il ban IP?
  • authbind + java + ubuntu ancora non riesce - perché?
  • Trasferire i dati MySQL in un'altra directory
  • Samba: installazione di session non rioutput: NT_STATUS_LOGON_FAILURE
  • Ridire la networking locale senza allow_localnet
  • Le linee di command:

     root@webanddesignsrl-one:/# iptables -A input -p tcp --destination-port 21 -j DROP iptables: No chain/target/match by that name. 

    ho visto molte domande su di esso:

    iptables: Nessuna catena / target / corrispondenza a tale nome
    https://serverfault.com/questions/422103/iptables-no-chain-target-match-by-that-name
    iptables error: Nessuna catena / target / match di questo nome?

    nessuno mi aiuta. come posso risolvere?

    Il server è un Ubuntu 10.04

    l'output di lsmod è:

     binfmt_misc 7960 1 act_police 4620 0 cls_flow 7754 0 cls_fw 4283 0 cls_u32 6698 0 sch_htb 15660 0 sch_hfsc 15167 0 sch_ingress 2098 0 sch_sfq 5863 0 xt_time 2181 0 xt_connlimit 3396 0 xt_realm 1058 0 iptable_raw 2230 0 xt_comment 1032 18 xt_recent 8218 0 xt_policy 2614 0 ipt_ULOG 8199 0 ipt_REJECT 2384 4 ipt_REDIRECT 1269 0 ipt_NETMAP 1261 0 ipt_MASQUERADE 1863 0 ipt_ECN 1953 0 ipt_ecn 1505 0 ipt_CLUSTERIP 6151 0 ipt_ah 1245 0 ipt_addrtype 2151 4 nf_nat_tftp 1017 0 nf_nat_snmp_basic 8796 0 nf_nat_sip 6169 0 nf_nat_pptp 2245 0 nf_nat_proto_gre 1719 1 nf_nat_pptp nf_nat_irc 1577 0 nf_nat_h323 5978 0 nf_nat_ftp 2513 0 nf_nat_amanda 1275 0 ts_kmp 1933 5 nf_conntrack_amanda 2977 1 nf_nat_amanda nf_conntrack_sane 4240 0 nf_conntrack_tftp 4001 1 nf_nat_tftp nf_conntrack_sip 18894 1 nf_nat_sip nf_conntrack_proto_sctp 8072 0 nf_conntrack_pptp 5566 1 nf_nat_pptp nf_conntrack_proto_gre 4798 1 nf_conntrack_pptp nf_conntrack_netlink 16910 0 nf_conntrack_netbios_ns 1662 0 nf_conntrack_irc 4429 1 nf_nat_irc nf_conntrack_h323 55193 1 nf_nat_h323 nf_conntrack_ftp 7126 1 nf_nat_ftp xt_tcpmss 1605 0 xt_pkttype 1160 0 xt_physdev 1739 0 xt_owner 1250 0 xt_NFQUEUE 2344 0 xt_NFLOG 1193 0 nfnetlink_log 9053 1 xt_NFLOG xt_multiport 2794 5 xt_MARK 1055 1 xt_mark 1055 0 xt_mac 1116 0 xt_limit 2180 0 xt_length 1320 0 xt_iprange 1645 0 xt_helper 1463 0 xt_hashlimit 10027 0 xt_DSCP 2277 0 xt_dscp 1829 0 xt_dccp 2213 0 xt_conntrack 2774 0 xt_CONNMARK 1473 0 xt_connmark 1345 0 xt_CLASSIFY 1067 0 ipt_LOG 5370 9 xt_tcpudp 2667 16 xt_state 1490 6 iptable_nat 5219 0 nf_nat 19501 12 ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat nf_conntrack_ipv4 12980 9 iptable_nat,nf_nat nf_defrag_ipv4 1481 1 nf_conntrack_ipv4 nf_conntrack 73966 31 xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4 iptable_mangle 3315 1 nfnetlink 4142 2 nf_conntrack_netlink,nfnetlink_log iptable_filter 2791 1 ip_tables 18358 4 iptable_raw,iptable_nat,iptable_mangle,iptable_filter x_tables 22461 43 xt_time,xt_connlimit,xt_realm,xt_comment,xt_recent,xt_policy,ipt_ULOG,ipt_REJECT,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ipt_ECN,ipt_ecn,ipt_CLUSTERIP,ipt_ah,ipt_addrtype,xt_tcpmss,xt_pkttype,xt_physdev,xt_owner,xt_NFQUEUE,xt_NFLOG,xt_multiport,xt_MARK,xt_mark,xt_mac,xt_limit,xt_length,xt_iprange,xt_helper,xt_hashlimit,xt_DSCP,xt_dscp,xt_dccp,xt_conntrack,xt_CONNMARK,xt_connmark,xt_CLASSIFY,ipt_LOG,xt_tcpudp,xt_state,iptable_nat,ip_tables xen_netfront 17890 0 xen_blkfront 10665 2 

    iptables -L -n -v ouptut:

     Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 754K 78M fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 1526K 96M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 24M 2925M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 1286K 82M net2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 vpn2fw all -- tun0 * 0.0.0.0/0 0.0.0.0/0 240K 14M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 net2vpn all -- eth0 tun0 0.0.0.0/0 0.0.0.0/0 0 0 vpn2net all -- tun0 eth0 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 16M 42G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 71152 6791K fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 0 0 fw2vpn all -- * tun0 0.0.0.0/0 0.0.0.0/0 240K 14M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] Chain Drop (0 references) pkts bytes target prot opt in out source destination 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */ 0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */ 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */ 0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */ 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */ 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */ 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */ 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */ 0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */ Chain Reject (7 references) pkts bytes target prot opt in out source destination 253K 27M all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */ 253K 27M dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 /* Needed ICMP types */ 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 /* Needed ICMP types */ 16815 783K dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */ 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */ 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */ 920 46820 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */ 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */ 10408 517K dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */ Chain dropBcast (2 references) pkts bytes target prot opt in out source destination 236K 26M DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4 Chain dropInvalid (2 references) pkts bytes target prot opt in out source destination 5487 219K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID Chain dropNotSyn (2 references) pkts bytes target prot opt in out source destination 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 Chain dynamic (2 references) pkts bytes target prot opt in out source destination Chain fail2ban-ssh (1 references) pkts bytes target prot opt in out source destination 750K 78M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fw2net (1 references) pkts bytes target prot opt in out source destination 71152 6791K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fw2vpn (1 references) pkts bytes target prot opt in out source destination 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:fw2vpn:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] Chain logdrop (0 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain logreject (0 references) pkts bytes target prot opt in out source destination 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain net2fw (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1723 1812 103K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 4565 260K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 1026K 55M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 306 15344 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 253K 27M Reject all -- * * 0.0.0.0/0 0.0.0.0/0 10408 517K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2fw:REJECT:' 10408 517K reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] Chain net2vpn (1 references) pkts bytes target prot opt in out source destination 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2vpn:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] Chain reject (14 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST 0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0 0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0 11328 564K REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain shorewall (0 references) pkts bytes target prot opt in out source destination Chain smurfs (0 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- * * 0.0.0.0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST 0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0 Chain vpn2fw (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain vpn2net (1 references) pkts bytes target prot opt in out source destination 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:vpn2net:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] 

  • Problemi con Firewall durante la distribuzione di Tomcat a CentOS
  • Posso colbind, ma non posso pingare / percorrere i computer VPN remoti
  • Copia / traffico dello specchio alle interfacce WAN senza supporto "iptables tee"
  • La differenza tra il command ping e il path?
  • le regole iptable non bloccano
  • Come si sceglie l'indirizzamento IP?
  • 2 Solutions collect form web for “iptables Nessun target catena di corrispondenza per nome”

    Guarda, Alessandro, tu mi hai detto di aver digitato iptables -A INPUT ma quando – dopo un po 'di prodding – hai finalmente tagliato e incollato, si scopre che stai scrivendo iptables -A input . Queste non sono la stessa cosa. iptables – come gran parte di UNIX – è sensibile alla distinzione tra maiuscole e minuscole.

    Provate a utilizzare iptables -A INPUT -p tcp --dport 21 -j DROP e dovrebbe funzionare molto meglio.

    Inoltre, questa regola aggiunta non farà nulla, perché non vedrà mai il traffico ftp. Questo è già stato permesso dalla regola 3 nella catena net2fw . Se si desidera bloccare le connessioni ftp in arrivo, è necessario fare iptables -D net2fw 3 invece.

    Che dire di questo?

     iptables -A INPUT -p tcp --dport 21 -j DROP 
    Suggerimenti per Linux e Windows Server, quali Ubuntu, Centos, Apache, Nginx, Debian e argomenti di rete.