LinuxQuestions.org
Old 02-13-2004, 08:56 AM   #1
Prommy
LQ Newbie
 
Registered: Apr 2003
Location: Sweden
Distribution: Fedora
Posts: 10

Rep: Reputation: 0
iptables-restore fails with quite ordinary (I think) configuration


Hi.
I decided that I'd better get a firewall up and running. Since I'm on Fedora I started system-config-securitylevel, left all settings at default values and clicked ok. This generated the following /etc/sysconfig/iptables file:

# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

The problem is that when I try to start iptables, iptables-restore chokes with the following error message:

iptables-restore: line 16 failed

where line 16 is simply the COMMIT line. Does anyone know what could be wrong?

/Daniel
 
Old 02-13-2004, 11:27 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Always happens to me when I do a new kernel.
Iptables needs to match the current kernel, so either reinstall the rpm to replace all the files and links or build one from scratch..
 
Old 02-13-2004, 11:29 AM   #3
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
And a 2nd comment...

Those rules don't actually do anything...
They allow certain things in, when the default is ACCEPT anyway.
If nothing matches the rules, it is still going to be allowed in...
 
Old 02-13-2004, 12:40 PM   #4
Prommy
LQ Newbie
 
Registered: Apr 2003
Location: Sweden
Distribution: Fedora
Posts: 10

Original Poster
Rep: Reputation: 0
Ok. Tried to rebuild iptables. No difference.

If the rules don't do anything, I guess system-config-securitylevel is quite flawed then, huh?

/Daniel
 
Old 02-16-2004, 05:50 PM   #5
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Now that I have my reading glasses on, I can see the last rule, REJECTing everything...

Another thought tho'...
to get around the loading error, do service iptables stop then enter them manually, in that sequence, put 'iptables' before the -A..
then do service iptables save to rewrite them.
Then they should load properly!

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -N RH-Firewall-1-INPUT
iptables -A INPUT -j RH-Firewall-1-INPUT
iptables -A FORWARD -j RH-Firewall-1-INPUT
iptables -A RH-Firewall-1-INPUT -i lo -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

Last edited by peter_robb; 02-16-2004 at 05:58 PM.
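
The manual procedure from post #5, as an added example (not code from any poster in this thread): it converts an iptables-save style file into one `iptables` command per line and runs them in order, so the rule that fails is named rather than only the COMMIT line that iptables-restore reported. The function names and the `IPT` override variable are assumptions of this sketch, and rule lines are assumed to contain no quoted arguments.

```shell
# Added example, not from the thread: iptables-save file -> one iptables
# command per line, then run them in order to find the first that fails.
restore_to_cmds() {            # reads the rules file on stdin or from "$@"
    awk '
        NF == 0 || substr($1, 1, 1) == "#" { next }         # blank or comment
        substr($1, 1, 1) == "*" { t = substr($1, 2); next }  # "*filter"
        substr($1, 1, 1) == ":" {                  # ":CHAIN POLICY [p:b]"
            c = substr($1, 2)
            if ($2 == "-") print "iptables -t " t " -N " c   # user chain
            else print "iptables -t " t " -P " c " " $2      # built-in policy
            next
        }
        $1 == "COMMIT" { next }                    # no per-command equivalent
        { print "iptables -t " t " " $0 }          # rule line, passed through
    ' "$@"
}

# Print the first generated command that fails. IPT names the binary and is
# an assumption of this sketch so that a dry run can substitute a stub.
first_failure() {
    restore_to_cmds "$@" | while IFS= read -r cmd; do
        set -f                                     # no globbing on rule text
        if ! ${IPT:-iptables} ${cmd#iptables } </dev/null >/dev/null 2>&1; then
            printf '%s\n' "$cmd"; break
        fi
    done
}

sample_rules() {               # the file from post #1, embedded for offline use
    cat <<'EOF'
# Firewall configuration written by redhat-config-securitylevel
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

`first_failure /etc/sysconfig/iptables` applies each command to the live tables as root, so run it only after `service iptables stop` as the post describes; `restore_to_cmds` alone only prints the commands.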
 
Old 02-17-2004, 07:37 AM   #6
Prommy
LQ Newbie
 
Registered: Apr 2003
Location: Sweden
Distribution: Fedora
Posts: 10

Original Poster
Rep: Reputation: 0
I've fixed it now. It was a couple of things I'd missed in my kernel config...

/Daniel
 
  

