Linux – iptables error: unknown option --dport

firewall, iptables, linux, networking

The command iptables no longer recognizes one of the most commonly used options when defining rules: --dport.

I get this error:

[root@dragonweyr /home/calyodelphi]# iptables -A INPUT --dport 7777 -j ACCEPT_TCP_UDP
iptables v1.4.7: unknown option `--dport'
Try `iptables -h' or 'iptables --help' for more information.

The add rule command above is just an example for enabling Terraria connections.

Here's what I currently have as a barebones iptables configuration (listiptables is aliased to iptables -L -v --line-numbers), and it's obvious that --dport has worked in the past:

[root@dragonweyr /home/calyodelphi]# listiptables 
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       39  4368 ACCEPT     all  --  lo     any     anywhere             anywhere            
2      114 10257 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
3        1    64 ACCEPT     tcp  --  eth1   any     anywhere             anywhere            tcp dpt:EtherNet/IP-1 
4       72 11610 ACCEPT     all  --  eth1   any     anywhere             anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 91 packets, 10045 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain ACCEPT_TCP_UDP (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            

I'm also trying to define a custom chain (inspired by this question) to accept tcp & udp connections so that I don't have to define two rules for everything that I want to enable tcp and udp for (such as a Minecraft or Terraria server, or another service entirely). But even this doesn't work:

[root@dragonweyr /home/calyodelphi]# iptables -P ACCEPT_TCP_UDP DROP
iptables: Bad built-in chain name.

This is getting to be very frustrating, in polite terms (the amount of cussing involved with this would make a sailor tell me to watch my mouth). My Google-fu is terrible, so I've yet to find a working solution for any of this. I'm running CentOS 6.5 on the router. Any help and pointers that you guys can offer would be awesome.

EDIT:

Bonus question: I'm also planning to configure port forwarding as well. Is it still necessary to set rules to accept incoming connections over specific ports?

Best Answer

First give a -p option like -p tcp or -p udp.

Examples:

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j DROP

iptables -A INPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT

You could also try -p all but I've never done that and don't find too much support for it in the examples.
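The following script is an added example, not part of the question or the answer above. It prints the rules the answer recommends for the question's Terraria port, in the correct form (protocol named with -p before --dport), and a variant that uses the question's custom ACCEPT_TCP_UDP chain. It never runs iptables itself; the output is meant to be reviewed and then piped to a root shell on the router. The port 7777 and the chain name are taken from the question; the helper names (port_rules, tcp_udp_chain_rules, rule_ok) are this example's own.

```shell
#!/bin/sh
# Added example, not from the question or the answer.
# Assumptions: port 7777 and the chain name ACCEPT_TCP_UDP come from the
# question; nothing here calls iptables, it only prints the commands so
# they can be checked and then piped to a root shell on the router.

# Emit the two INPUT rules that open one port for both TCP and UDP.
# --dport belongs to the tcp/udp match, which iptables only loads after it
# has seen -p tcp or -p udp, so each rule has to name its protocol first.
port_rules() {
    port="$1"
    chain="${2:-INPUT}"
    printf 'iptables -A %s -p tcp --dport %s -m state --state NEW -j ACCEPT\n' "$chain" "$port"
    printf 'iptables -A %s -p udp --dport %s -j ACCEPT\n' "$chain" "$port"
}

# Emit a user-defined chain that accepts TCP and UDP, plus the INPUT rules
# that jump to it. -P sets a policy only on the built-in chains (INPUT,
# FORWARD, OUTPUT), which is what "Bad built-in chain name" reports; a user
# chain has no policy and simply returns to the caller when nothing matches,
# so the "default" action is written as the chain's last rule instead.
tcp_udp_chain_rules() {
    port="$1"
    chain="${2:-ACCEPT_TCP_UDP}"
    printf 'iptables -N %s\n' "$chain"
    printf 'iptables -A %s -p tcp -j ACCEPT\n' "$chain"
    printf 'iptables -A %s -p udp -j ACCEPT\n' "$chain"
    printf 'iptables -A %s -j DROP\n' "$chain"   # stands in for the -P DROP the question tried
    # The jump rules still need -p, because --dport is only valid after it.
    printf 'iptables -A INPUT -p tcp --dport %s -j %s\n' "$port" "$chain"
    printf 'iptables -A INPUT -p udp --dport %s -j %s\n' "$port" "$chain"
}

# Lint one rule line: --dport/--sport are only valid after -p tcp or -p udp.
# Returns 0 when the rule is well formed, 1 when it would fail as in the question.
rule_ok() {
    case "$1" in
        *--dport*|*--sport*)
            case "$1" in
                *"-p tcp"*|*"-p udp"*) return 0 ;;
                *) return 1 ;;
            esac ;;
        *) return 0 ;;
    esac
}

# Usage: review the output first, then apply as root once satisfied:
#   port_rules 7777            # print the two rules
#   port_rules 7777 | sudo sh  # apply them
```

Note that the custom chain does not save the second INPUT rule: the jump into it still needs -p tcp or -p udp before --dport can be parsed, so the per-port TCP and UDP rules are needed either way.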