Forum Post: iptables conntrack issues am335x Starter Kit SDK 6

I have an am335x Starter Kit with version 6 of the SDK pre-built image. I have also tried this with SDK 7, but I am using SDK 6 since it seems to be the latest image with wifi support.

I am trying to set up a stateful firewall using the following iptables commands:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -N TCP
iptables -N UDP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i wlan0 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-rst
iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
iptables -A TCP -p tcp --dport 22 -j ACCEPT

On any of the commands involving '-m conntrack', it fails with:

iptables: No chain/target/match by that name.

'modprobe nf_conntrack' did not help.

I tried purposefully misspelling parts of the command like ESTABLISHED and ACCEPT, and they result in a different error (couldn't load target). It seems to indicate the error is complaining about the '-A INPUT' portion of the command, yet it works perfectly fine with other commands.

Any help is much appreciated.
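
A check related to the error above, added here as an example and not part of the original post: iptables can return "No chain/target/match by that name" when the kernel does not provide a match that a rule asks for, so one thing to verify is whether the kernel config enables every explicit -m match in the rule set. The function names, file names and sample configs are constructed, and the CONFIG_NETFILTER_XT_MATCH_<NAME> naming is an assumption that holds for the conntrack match used here.

```shell
#!/bin/sh
# Added example: report explicit iptables matches (-m NAME) used in a rule set
# whose kernel option is not enabled in a given kernel config file.
# Assumption: the option is named CONFIG_NETFILTER_XT_MATCH_<NAME, upper case>.

# missing_matches RULES_FILE KCONFIG_FILE
# Prints one match name per line for every -m NAME in RULES_FILE whose
# option is neither =y (built in) nor =m (module) in KCONFIG_FILE.
missing_matches() {
    rules=$1
    kconfig=$2
    # Collect the word following each "-m" / "--match", de-duplicated.
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "-m" || $i == "--match") print $(i + 1) }' "$rules" |
    sort -u |
    while read -r name; do
        opt="CONFIG_NETFILTER_XT_MATCH_$(printf '%s' "$name" | tr 'a-z' 'A-Z')"
        grep -Eq "^${opt}=(y|m)\$" "$kconfig" || printf '%s\n' "$name"
    done
}

# Constructed sample input (not taken from the board in the post).
make_samples() {
    dir=$1
    cat > "$dir/rules.txt" <<'EOF'
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
EOF
    cat > "$dir/kconfig-without" <<'EOF'
CONFIG_NETFILTER_XTABLES=y
# CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set
EOF
    cat > "$dir/kconfig-with" <<'EOF'
CONFIG_NETFILTER_XTABLES=y
CONFIG_NF_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
EOF
}

# On a target with CONFIG_IKCONFIG_PROC: zcat /proc/config.gz > /tmp/kconfig
# then: missing_matches rules.txt /tmp/kconfig
```

An option set to =m only helps if the corresponding module file is actually installed under /lib/modules for the running kernel.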

