LinuxQuestions.org


SarahGurung 03-16-2013 02:03 AM

iptables doesn't start in CentOS 6.3
 
This same rule worked in the CentOS 5.x series, and when I applied the same to CentOS 6.3 it showed the following error:
Code:

iptables: Applying firewall rules: iptables-restore v1.4.7: option `--port' requires an argument
Error occurred at line: 25
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                          [FAILED]

I had the following rules:
Code:

:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -j ACCEPT -p tcp -m multiport --port
s 62222:63333
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

It shows the error in the following rule (line 13):
Code:

-A RH-Firewall-1-INPUT -m state --state NEW -j ACCEPT -p tcp -m multiport --port
s 62222:63333

Can anyone tell me what's wrong?

kirukan 03-16-2013 02:11 AM

Quote:

multiport
This module matches a set of source or destination ports. Up to 15 ports can be specified. A port range (port:port) counts as two ports. It can only be used in conjunction with -p tcp or -p udp.

[!] --source-ports,--sport port[,port|,port:port]...
Match if the source port is one of the given ports. The flag --sports is a convenient alias for this option. Multiple ports or port ranges are separated using a comma, and a port range is specified using a colon. 53,1024:65535 would therefore match ports 53 and all from 1024 through 65535.
[!] --destination-ports,--dport port[,port|,port:port]...
Match if the destination port is one of the given ports. The flag --dports is a convenient alias for this option.
[!] --ports port[,port|,port:port]...
Match if either the source or destination ports are equal to one of the given ports.


The above is the format; I think it can't be "--port s".
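
An added example, not part of the original thread: a small Python lint for an iptables-restore rules file that catches the wrapped line from the question and checks the multiport constraints in the man page excerpt (port list present, at most 15 ports with a range counting as two, -p tcp or -p udp). The `lint` function, its messages and the sample file are constructed for illustration.

```python
import re

# Constructed sample: cut-down rules file from the question, wrapped line included.
SAMPLE = """\
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -j ACCEPT -p tcp -m multiport --port
s 62222:63333
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# multiport port-list options; "--port" is included because the error in the
# question shows iptables-restore treating it as an option needing an argument.
PORT_OPTS = {"--ports", "--port", "--sports", "--source-ports",
             "--dports", "--destination-ports"}
VALID_START = re.compile(r"^(\*\w+|:\S+ |-[A-Z] |COMMIT$|#)")
PORT_LIST = re.compile(r"\d+(:\d+)?(,\d+(:\d+)?)*")

def lint(text):
    """Return [(line_number, message), ...] for problems in a rules file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if not VALID_START.match(line):
            findings.append((n, "stray line, likely a wrapped continuation of line %d" % (n - 1)))
            continue
        toks = line.split()
        if "multiport" not in toks:
            continue
        if not any(a == "-p" and b in ("tcp", "udp") for a, b in zip(toks, toks[1:])):
            findings.append((n, "multiport requires -p tcp or -p udp"))
        for opt, arg in zip(toks, toks[1:] + [""]):
            if opt not in PORT_OPTS:
                continue
            if not PORT_LIST.fullmatch(arg):
                findings.append((n, "%s has no valid port list" % opt))
                continue
            # A range (a:b) counts as two ports toward the limit of 15.
            count = sum(2 if ":" in p else 1 for p in arg.split(","))
            if count > 15:
                findings.append((n, "%d ports listed, limit is 15" % count))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print("line %d: %s" % (n, msg))
```

Running a check like this before restarting the service matters because a rules file that fails to load, as in the question, leaves the intended ruleset unapplied.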

SarahGurung 03-16-2013 02:53 AM

thanks...

