I am trying to run a sample test of netfilter_queue. When I install a rule using iptables, the following error occurs:
net@net:~$ sudo iptables -A OUTPUT -p icmp -j NFQUEUE -–queue-num 0
iptables v1.4.21: unknown option "-j"
Try `iptables -h' or 'iptables --help' for more information.
After several retries, it still fails with the same error. But when I try the following commands, a strange thing happens:
net@net:~$ sudo iptables -A OUTPUT -p icmp -j NFQUEUE -queue-num 0
iptables v1.4.21: unknown option "-j"
Try `iptables -h' or 'iptables --help' for more information.
net@net:~$ sudo iptables -A OUTPUT -p icmp -j NFQUEUE --queue-num 0
net@net:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
NFQUEUE icmp -- anywhere anywhere NFQUEUE num 0
That is to say, before executing sudo iptables -A OUTPUT -p icmp -j NFQUEUE --queue-num 0, if I run sudo iptables -A OUTPUT -p icmp -j NFQUEUE -queue-num 0, then the command will succeed.
I do not know why this happens. Can anyone figure it out? Thanks.
No, it has nothing to do with command order. If you look carefully, you are not using an ASCII dash here: -–queue-num 0. The second dash may be a full-width dash you copied from a webpage.
The second command failed simply because -queue-num 0 is wrong according to NFQUEUE's documentation.
The third command is right, and that's why it succeeded. It has nothing to do with the previous failures.
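A way to catch this before a pasted rule reaches iptables, as an added example that is not part of the original question or answer: the script below scans a command line for non-ASCII characters and names any that look like a dash. The function names and the sample strings are constructed for illustration; the samples mirror the three commands in the question.

```python
import unicodedata

# Constructed samples mirroring the three commands in the question.
# "\u2013" is EN DASH, escaped here so the difference is visible in source.
SAMPLES = [
    "iptables -A OUTPUT -p icmp -j NFQUEUE -\u2013queue-num 0",
    "iptables -A OUTPUT -p icmp -j NFQUEUE -queue-num 0",
    "iptables -A OUTPUT -p icmp -j NFQUEUE --queue-num 0",
]


def is_dash_like(ch):
    """True for non-ASCII characters that render like '-'."""
    # Category Pd covers en, em and fullwidth dashes; U+2212 MINUS SIGN is Sm.
    return ch != "-" and (unicodedata.category(ch) == "Pd" or ch == "\u2212")


def check_command(command):
    """Return one finding per non-ASCII character; an empty list means clean."""
    findings = []
    for token in command.split():
        for offset, ch in enumerate(token):
            if ch.isascii():
                continue
            kind = "dash look-alike" if is_dash_like(ch) else "non-ASCII character"
            findings.append((
                ascii(token),                      # escapes make the bad char visible
                offset,                            # position inside the token
                f"U+{ord(ch):04X}",
                unicodedata.name(ch, "UNNAMED"),
                kind,
            ))
    return findings


if __name__ == "__main__":
    for cmd in SAMPLES:
        findings = check_command(cmd)
        print("OK  " if not findings else "FAIL", ascii(cmd))
        for token, offset, code, name, kind in findings:
            print(f"     {token} offset {offset}: {code} {name} ({kind})")
```

This check only catches character substitution: the second command, with a single ASCII dash in -queue-num, passes it and still has to be compared against the option spelling in the NFQUEUE documentation.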