iptables -j NFQUEUE unknown option error

Question

I try to run a sample test of netfilter_queue. When I install a rule using iptables, the following error happens:

net@net:~$ sudo iptables -A OUTPUT -p icmp -j NFQUEUE -–queue-num 0
iptables v1.4.21: unknown option "-j"
Try `iptables -h' or 'iptables --help' for more information.

After several retries, it still fails with the same error. But when I try the following commands, strange thing happens:

net@net:~$ sudo iptables -A OUTPUT -p icmp -j NFQUEUE -queue-num 0
iptables v1.4.21: unknown option "-j"
Try `iptables -h' or 'iptables --help' for more information.

net@net:~$ sudo iptables -A OUTPUT -p icmp -j NFQUEUE --queue-num 0

net@net:~$ sudo iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

NFQUEUE    icmp --  anywhere             anywhere             NFQUEUE num 0

That is to say, before executing sudo iptables -A OUTPUT -p icmp -j NFQUEUE --queue-num 0, if I run sudo iptables -A OUTPUT -p icmp -j NFQUEUE -queue-num 0, then the command will succeed.

I do not know why this happens, can anyone figure it out? Thanks.

Answer 1

No, it is nothing to do with command order, if you look carefully, you are not using ascii dash here, -–queue-num 0, the second dash, maybe it is a full width dash you copied from a webpage. The second command failed simply because -queue-num 0 is wrong according to NJQUEUE's documentation. The third command is right, that's why it succeed, it has nothing to do with the previous failures.