This seems like a very simple question. But I don't see anything much about it on the web. The command comes from the RHEL documentation itself, so I would expect that it works… and yet it fails. Any insight?
Command:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p udp --dport 25150 -j ACCEPT
Output:
iptables: Invalid argument. Run `dmesg' for more information.
dmesg log:
[ 1719.334534] x_tables: ip_tables: tcp match: only valid for protocol 6
Best Answer
Congratulations, you found an error in the RHEL documentation.
The iptables rule shown here uses the tcp matcher but then attempts to specify the udp protocol. This doesn't work; the tcp matcher can only be used with protocol 6, which happens to be tcp. Thus the error you received.
To correct the rule you have to first figure out which is wrong, the matcher or the protocol. Unfortunately this error has been propagated all over the Internet so this isn't so easy to figure out from an Internet search, and even the Cobbler documentation doesn't clearly mention it.
You can sort it out easily by inspecting the output of ss -nl, and there you should find cobbler listening on TCP port 25150, not UDP. Thus you replace udp with tcp and then report the documentation error to Red Hat.
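A pre-flight check for the conflict described in the answer above, as an added example that is not part of the original answer or of any Red Hat or Cobbler tooling: it reads a rule's arguments and reports a tcp or udp matcher (-m) that contradicts the protocol given with -p, so the rule can be corrected before it is loaded. The helper names proto_name and check_rule are hypothetical.

```shell
#!/bin/sh
# Added example: lint an iptables rule for a tcp/udp matcher (-m) that
# contradicts the protocol given with -p. Only explicit conflicts are flagged.

# Map protocol numbers to names so "-p 6" and "-p tcp" compare equal.
proto_name() {
    case "$1" in
        6)  echo tcp ;;
        17) echo udp ;;
        *)  echo "$1" | tr 'A-Z' 'a-z' ;;
    esac
}

# check_rule "<rule arguments>"
# Prints "ok" and returns 0, or prints the conflict and returns 1.
check_rule() {
    proto="" matchers=""
    set -- $1                       # split the rule into words on purpose
    while [ $# -gt 0 ]; do
        case "$1" in
            -p|--protocol)
                if [ $# -ge 2 ]; then proto=$(proto_name "$2"); shift; fi ;;
            -m|--match)
                if [ $# -ge 2 ]; then matchers="$matchers $2"; shift; fi ;;
        esac
        shift
    done
    for m in $matchers; do
        case "$m" in
            tcp|udp)
                if [ -n "$proto" ] && [ "$proto" != "$m" ]; then
                    echo "mismatch: -m $m used with -p $proto"
                    return 1
                fi ;;
        esac
    done
    echo ok
}

# The rule from the question, then the same rule with udp replaced by tcp.
check_rule '-A INPUT -m state --state NEW -m tcp -p udp --dport 25150 -j ACCEPT' || true
check_rule '-A INPUT -m state --state NEW -m tcp -p tcp --dport 25150 -j ACCEPT' || true
```

The check only confirms that the matcher and protocol agree; which of the two is right still comes from what ss -nl shows the service listening on.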