iptables: No chain/target/match by that name

[billy_bass26]

Hi,

I have a perl script which runs the iptables chain below everytime a UDP flood is detected originating from within the network. I want to limit the amount of packets but am having trouble with the chain

Code:

iptables -A OUPUT -o tap2 -s 192.168.2.240 -p udp -m limit --limit 5/m -j ACCEPT

and get this error.

Code:

iptables: No chain/target/match by that name

i've also tried this from command line

Code:

iptables -A OUTPUT  -o tap2 -s 192.168.2.240 -p udp -m limit --limit 5/m --limit-burst 10 --syn -j
ACCEPT

but the same error.

Please help!!

Billy

[Lazydog]

Instead of using the OUTPUT chain why are you not using the INPUT/FORWARD chain? OUTPUT chain is just for traffic that originates on that system not what is passing through it. Also if it is originating from with in the network you shouldn't use a source address so that you catch everything.

Some more information you should be aware of the '-A' Appends this to the end of the chain. In other words if there is a rule that accepts the traffic before this one this rule will never take effect.

Another question is why is this not part of your set rules to begin with? Why wait until it is detected?

To answer your question I believe it is because of your spelling;

"OUPUT" -> Incorrect
"OUTPUT" -> Correct

This did not work for me either

Code:

iptables -A OUPUT -o tap2 -s 192.168.2.240 -p udp -m limit --limit 5/m -j ACCEPT

This did work for me

Code:

iptables -A OUTPUT -o tap2 -s 192.168.2.240 -p udp -m limit --limit 5/m -j ACCEPT