4

When I try to run `iptables -A control_in -p tcp --dport 22 -j ACCEPT` I get the error message `iptables v1.4.20: unknown option "--dport"`. Everything I've found on the internet and serverfault relating to this message was due to people not specifying a protocol. However I am doing that (`-p tcp`). I've also tried running it with multiple `--verbose` options but I don't get any more info.

Edit: Michael Hampton's answer led me to the correct answer. It was a broken iptables install that was missing some libraries from `/usr/lib/xtables`. The `--match` argument is redundant if iptables is given the `-p` argument, except that it only complains about the missing libraries if given `--match`.

Shum
  • Shum, please consider writing your solution up as an answer and accepting it; it will stop this question floating around forever, like a querulous albatross! – MadHatter Jul 24 '14 at 12:11

2 Answers

1

--dport is part of the tcp match, which is -m or --match.

This would work:

iptables -A control_in -p tcp -m tcp --dport 22 -j ACCEPT
suprjami
  • In my case, this gives me the following error: `iptables v1.8.7 (legacy): Couldn't load match `tcp':No such file or directory` – Adrien Pavao Jul 23 '21 at 00:07
  • The above syntax works for me with `iptables v1.8.4 (legacy)` on Ubu 20.04. The iptables TCP module `/usr/lib/x86_64-linux-gnu/xtables/libxt_tcp.so` is owned by the iptables package. Maybe you're missing some files? – suprjami Jul 24 '21 at 02:30
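
One way to check for the broken install described in the question's edit and in the comment above, as an added example that is not part of the original thread: it lists the match extensions a rule depends on and reports any whose library is absent from a given xtables directory. The function names `needed_matches` and `check_rule` are hypothetical, and the script assumes extensions are stored as `libxt_NAME.so` (or the IPv4-only `libipt_NAME.so`).

```shell
#!/bin/sh
# Added example, not from the thread. Lists the match extensions a rule needs
# and reports the ones whose library is absent from an xtables directory.

# Print the match names a rule depends on, one per line.
# Assumption: every "-p PROTO" counts as needing the same-named match, since
# that is what iptables loads implicitly for options such as --dport.
needed_matches() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -p|--protocol|-m|--match)
                shift
                [ "${1:-}" = "!" ] && shift      # old-style negation: -p ! tcp
                [ $# -gt 0 ] || break
                [ "$1" = "all" ] || printf '%s\n' "$1"
                ;;
        esac
        shift
    done | sort -u
}

# check_rule DIR RULE-ARGS...: print each missing library, return 1 if any.
# A match is satisfied by libxt_NAME.so or the IPv4-only libipt_NAME.so.
check_rule() {
    dir=$1; shift
    missing=0
    for name in $(needed_matches "$@"); do
        if [ ! -e "$dir/libxt_$name.so" ] && [ ! -e "$dir/libipt_$name.so" ]; then
            printf 'missing: %s/libxt_%s.so\n' "$dir" "$name"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed demo: a scratch directory standing in for the real xtables
# directory, holding only the tcp match. Reports libxt_conntrack.so as missing.
demo=$(mktemp -d)
: > "$demo/libxt_tcp.so"
check_rule "$demo" -A control_in -p tcp -m conntrack --ctstate NEW \
    --dport 22 -j ACCEPT || true
rm -rf "$demo"
```

On a real system, pass the directory your iptables package installs into as the first argument, for example `/usr/lib/xtables` or `/usr/lib/x86_64-linux-gnu/xtables` as mentioned in this thread.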
0

Maybe you are missing sudo. Try adding sudo at the start of the command.