Old 09-15-2005, 07:34 PM   #1
tomsasse
LQ Newbie
 
Registered: Sep 2005
Location: Philadelphia
Posts: 1

Rep: Reputation: 0
iptables script


Here is the script I'm trying to use:

#!/bin/sh
#
# iptables      Start iptables firewall
#
# chkconfig: 2345 08 92
# description: Starts, stops and saves iptables firewall
#
# config: /etc/sysconfig/iptables
# config: /etc/sysconfig/iptables-config

# Source function library.
. /etc/init.d/functions

IPTABLES=iptables
IPTABLES_DATA=/etc/sysconfig/$IPTABLES
IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config
IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES

if [ ! -x /sbin/$IPTABLES ]; then
    echo -n $"/sbin/$IPTABLES does not exist."; warning; echo
    exit 0
fi

if lsmod 2>/dev/null | grep -q ipchains ; then
    echo -n $"ipchains and $IPTABLES can not be used together."; warning; echo
    exit 0
fi

# Old or new modutils
/sbin/modprobe --version 2>&1 | grep -q module-init-tools \
    && NEW_MODUTILS=1 \
    || NEW_MODUTILS=0

# Default firewall configuration:
IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="no"

# Load firewall configuration.
[ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"

rmmod_r() {
    # Unload module with all referring modules.
    # At first all referring modules will be unloaded, then the module itself.
    local mod=$1
    local ret=0
    local ref=

    # Get referring modules.
    # New modutils have another output format.
    [ $NEW_MODUTILS = 1 ] \
        && ref=`lsmod | awk "/^${mod}/ { print \\\$4; }" | tr ',' ' '` \
        || ref=`lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1`

    # recursive call for all referring modules
    for i in $ref; do
        rmmod_r $i
        let ret+=$?;
    done

    # Unload module.
    # The extra test is for 2.6: The module might have autocleaned,
    # after all referring modules are unloaded.
    if grep -q "^${mod}" /proc/modules ; then
        modprobe -r $mod > /dev/null 2>&1
        let ret+=$?;
    fi

    return $ret
}

flush_n_delete() {
    # Flush firewall rules and delete chains.
    [ -e "$PROC_IPTABLES_NAMES" ] || return 1

    # Check if firewall is configured (has tables)
    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
    [ -z "$tables" ] && return 1

    echo -n $"Flushing firewall rules: "
    ret=0
    # For all tables
    for i in $tables; do
        # Flush firewall rules.
        $IPTABLES -t $i -F;
        let ret+=$?;

        # Delete firewall chains.
        $IPTABLES -t $i -X;
        let ret+=$?;

        # Set counter to zero.
        $IPTABLES -t $i -Z;
        let ret+=$?;
    done

    [ $ret -eq 0 ] && success || failure
    echo
    return $ret
}

set_policy() {
    # Set policy for configured tables.
    policy=$1

    # Check if iptable module is loaded
    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1

    # Check if firewall is configured (has tables)
    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
    [ -z "$tables" ] && return 1

    echo -n $"Setting chains to policy $policy: "
    ret=0
    for i in $tables; do
        echo -n "$i "
        case "$i" in
            filter)
                $IPTABLES -t filter -P INPUT $policy \
                    && $IPTABLES -t filter -P OUTPUT $policy \
                    && $IPTABLES -t filter -P FORWARD $policy \
                    || let ret+=1
                ;;
            nat)
                $IPTABLES -t nat -P PREROUTING $policy \
                    && $IPTABLES -t nat -P POSTROUTING $policy \
                    && $IPTABLES -t nat -P OUTPUT $policy \
                    || let ret+=1
                ;;
            mangle)
                $IPTABLES -t mangle -P PREROUTING $policy \
                    && $IPTABLES -t mangle -P POSTROUTING $policy \
                    && $IPTABLES -t mangle -P INPUT $policy \
                    && $IPTABLES -t mangle -P OUTPUT $policy \
                    && $IPTABLES -t mangle -P FORWARD $policy \
                    || let ret+=1
                ;;
            *)
                let ret+=1
                ;;
        esac
    done

    [ $ret -eq 0 ] && success || failure
    echo
    return $ret
}

start() {
    # Do not start if there is no config file.
    [ -f "$IPTABLES_DATA" ] || return 1

    echo -n $"Applying $IPTABLES firewall rules: "

    OPT=
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"

    $IPTABLES-restore $OPT $IPTABLES_DATA
    if [ $? -eq 0 ]; then
        success; echo
    else
        failure; echo; return 1
    fi

    # Load additional modules (helpers)
    if [ -n "$IPTABLES_MODULES" ]; then
        echo -n $"Loading additional $IPTABLES modules: "
        ret=0
        for mod in $IPTABLES_MODULES; do
            echo -n "$mod "
            modprobe $mod > /dev/null 2>&1
            let ret+=$?;
        done
        [ $ret -eq 0 ] && success || failure
        echo
    fi

    touch $VAR_SUBSYS_IPTABLES
    return $ret
}

stop() {
    # Do not stop if iptables module is not loaded.
    [ -e "$PROC_IPTABLES_NAMES" ] || return 1

    flush_n_delete
    set_policy ACCEPT

    if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
        echo -n $"Unloading $IPTABLES modules: "
        ret=0
        rmmod_r ${IPV}_tables
        let ret+=$?;
        rmmod_r ${IPV}_conntrack
        let ret+=$?;
        [ $ret -eq 0 ] && success || failure
        echo
    fi

    rm -f $VAR_SUBSYS_IPTABLES
    return $ret
}

save() {
    # Check if iptable module is loaded
    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1

    # Check if firewall is configured (has tables)
    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
    [ -z "$tables" ] && return 1

    echo -n $"Saving firewall rules to $IPTABLES_DATA: "

    OPT=
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"

    ret=0
    TMP_FILE=`/bin/mktemp -q /tmp/$IPTABLES.XXXXXX` \
        && chmod 600 "$TMP_FILE" \
        && $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \
        && size=`stat -c '%s' $TMP_FILE` && [ $size -gt 0 ] \
        || ret=1
    if [ $ret -eq 0 ]; then
        if [ -e $IPTABLES_DATA ]; then
            cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
                && chmod 600 $IPTABLES_DATA.save \
                || ret=1
        fi
        if [ $ret -eq 0 ]; then
            cp -f $TMP_FILE $IPTABLES_DATA \
                && chmod 600 $IPTABLES_DATA \
                || ret=1
        fi
    fi
    [ $ret -eq 0 ] && success || failure
    echo
    rm -f $TMP_FILE
    return $ret
}

status() {
    # Do not print status if lockfile is missing and iptables modules are not
    # loaded.
    # Check if iptable module is loaded
    if [ ! -f "$VAR_SUBSYS_IPTABLES" ]; then
        echo $"Firewall is stopped."
        return 1
    fi

    # Check if firewall is configured (has tables)
    if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
        echo $"Firewall is not configured. "
        return 1
    fi
    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
    if [ -z "$tables" ]; then
        echo $"Firewall is not configured. "
        return 1
    fi

    NUM=
    [ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n"

    for table in $tables; do
        echo $"Table: $table"
        $IPTABLES -t $table --list $NUM && echo
    done

    return 0
}

restart() {
    [ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save
    stop
    start
}

case "$1" in
    start)
        stop
        start
        RETVAL=$?
        ;;
    stop)
        [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
        stop
        RETVAL=$?
        ;;
    restart)
        restart
        RETVAL=$?
        ;;
    condrestart)
        [ -e "$VAR_SUBSYS_IPTABLES" ] && restart
        ;;
    status)
        status
        RETVAL=$?
        ;;
    panic)
        flush_n_delete
        set_policy DROP
        RETVAL=$?
        ;;
    save)
        save
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
        exit 1
        ;;
esac

exit $RETVAL
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.>>



When I run the script this is the message I get in return:


Executing /etc/rc.d/init.d/iptables restart ..


Flushing firewall rules: iptables: invalid option -- t
iptables: invalid option -- F
Can't open mangle: No such file or directoryiptables: invalid option -- t
iptables: invalid option -- X
Can't open mangle: No such file or directoryiptables: invalid option -- t
iptables: invalid option -- Z
Can't open mangle: No such file or directoryiptables: invalid option -- t
iptables: invalid option -- F
Can't open filter: No such file or directoryiptables: invalid option -- t
iptables: invalid option -- X
Can't open filter: No such file or directoryiptables: invalid option -- t
iptables: invalid option -- Z
Can't open filter: No such file or directory[FAILED]
Setting chains to policy ACCEPT: mangle iptables: invalid option -- t
iptables: invalid option -- P
Unknown arguments found on commandlinefilter iptables: invalid option -- t
iptables: invalid option -- P
Unknown arguments found on commandline[FAILED]

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>...

I have read through many a post for the past 2 days... But I'm still having trouble. I'm new to FedoraCore2. I cannot use the interface due to the fact that this is a virtual dedicated server. I also have tried to use shorewall for the firewall but it also will not work.... Surely due to my lack of know-how....

]# shorewall start
: command not foundne 15:
: command not foundne 17:
: command not foundne 69:
: command not foundne 71:
: command not foundne 95:
: command not foundne 97:
: command not foundne 107:
: command not foundne 109:
: command not foundne 136:
: command not foundne 139:
: command not foundne 149:
: command not foundne 151:
: command not foundne 161:
: command not foundne 163:
: command not foundne 177:
: command not foundne 179:
: command not foundne 189:
: command not foundne 191:
: command not foundne 201:
: command not foundne 203:
: command not foundne 213:
: command not foundne 215:
: command not foundne 223:
: command not foundne 227:
: command not foundne 229:
: command not foundne 241:
: command not foundne 243:
: command not foundne 252:
: command not foundne 254:
: command not foundne 265:
: command not foundne 267:
: command not foundne 272:
: command not foundne 274:
: command not foundne 280:
: command not foundne 282:
: command not foundne 289:
: command not foundne 291:
: command not foundne 298:
: command not foundne 300:
: command not foundne 307:
: command not foundne 309:
: command not foundne 322:
: command not foundne 324:
: command not foundne 340:
: command not foundne 342:
: command not foundne 346:
: command not foundne 352:
: command not foundne 354:
: command not foundne 367:
: command not foundne 369:
: command not foundne 377:
: command not foundne 379:
: command not foundne 388:
: command not foundne 390:
: command not foundne 404:
: command not foundne 406:
: command not foundne 413:
: command not foundne 415:
: command not foundne 429:
: command not foundne 431:
: command not foundne 449:
: command not foundne 451:
: command not foundne 487:
: command not foundne 489:
: command not foundne 500:
: command not foundne 502:
: command not foundne 531:
: command not foundne 533:
: command not foundne 546:
: command not foundne 548:
: command not foundne 591:
: command not foundne 593:
: command not foundne 621:
: command not foundne 623:
: command not foundne 644:
: command not foundne 646:
: command not foundne 652:
: command not foundne 654:
: command not foundne 675:
: command not foundne 677:
: command not foundne 686:
: command not foundne 688:
: command not foundne 698:
: command not foundne 700:
: command not foundne 706:
: command not foundne 708:
: command not foundne 716:
: command not foundne 718:
: command not foundne 751:
: command not foundne 753:
: command not foundne 779:
: command not foundne 781:
: command not foundne 802:
: command not foundne 804:
: command not foundne 816:
: command not foundne 818:
: command not foundne 829:
: command not foundne 831:
: command not foundne 840:
: command not foundne 842:
: command not foundne 851:
: command not foundne 853:
) does not exist!/messages

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

All other aspects of shorewall work without a problem.

Thanks in advance for your help


Last edited by tomsasse; 09-16-2005 at 12:33 PM.
 
Old 09-16-2005, 01:07 PM   #2
hoes
Member
 
Registered: Sep 2005
Distribution: debian, linux from scratch
Posts: 190

Rep: Reputation: 51
First of all I want to say that you copied a lot of text, which makes sure few people take the time to look at your problem.

I took some time and found a wrong syntax.
I don't know if it solves much, but at least it's something.

$IPTABLES -t $i -F

I think the -F should be in front of the policy you want to flush, in your case policy $i.
And maybe you need a filter when using -t.
So it ought to be: $IPTABLES -t FILTER -F $i
Next time look in a man page when you have errors.
By doing that it's easy to find some problems.

Good Luck with your script
 
Old 09-16-2005, 08:16 PM   #3
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
You should have 2 config files:
IPTABLES_DATA=/etc/sysconfig/iptables
IPTABLES_CONFIG=/etc/sysconfig/iptables-config

Check those files. I don't know what should be in them.

Does this firewall script have a name?
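A pre-flight check for the files this init script depends on, as an added example that is not part of this thread or of Fedora's script: it verifies that the script, the rules file and the config file exist, that none of them carries DOS line endings (a stray carriage return makes sh report `line N: $'\r': command not found`), that the rules file is iptables-save output as iptables-restore expects, and that it is mode 600 as the script's own save() enforces. The default paths are the ones the posted script uses; pass three paths as arguments to check other files.

```shell
#!/bin/sh
# Pre-flight checks for a Fedora-style iptables init script and its two
# config files. Added example; not part of this thread or of Fedora's script.

# Succeed if the file contains no carriage return (0x0d) characters.
# A script saved with DOS line endings makes sh fail on every line with
# "line N: $'\r': command not found".
no_crlf() {
    ! grep -q "$(printf '\r')" "$1"
}

# Succeed if the rules file looks like iptables-save output: a "*table"
# header plus a COMMIT line, which is what iptables-restore expects.
looks_like_save_dump() {
    grep -q '^\*[a-z]*$' "$1" && grep -q '^COMMIT' "$1"
}

# Succeed if the file is mode 600; the init script chmods its saved rules
# to 600 so nobody but root can read the rule set.
mode_is_600() {
    [ "$(stat -c '%a' "$1")" = "600" ]
}

# Run all checks; print one line per check and return the number of
# failures (0 means the init script has what it needs).
check_iptables_setup() {
    rules=${1:-/etc/sysconfig/iptables}
    config=${2:-/etc/sysconfig/iptables-config}
    script=${3:-/etc/init.d/iptables}
    failed=0
    for f in "$script" "$rules" "$config"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; failed=$((failed + 1)); continue
        fi
        if no_crlf "$f"; then echo "OK      no CR in $f"
        else echo "BAD     DOS line endings in $f"; failed=$((failed + 1)); fi
    done
    if [ -f "$rules" ]; then
        if looks_like_save_dump "$rules"; then echo "OK      $rules is an iptables-save dump"
        else echo "BAD     $rules is not iptables-save output"; failed=$((failed + 1)); fi
        if mode_is_600 "$rules"; then echo "OK      $rules is mode 600"
        else echo "BAD     $rules is readable by others"; failed=$((failed + 1)); fi
    fi
    return $failed
}

# Check the default paths (or the three given on the command line) and
# report the failure count; the "||" keeps the script from aborting under set -e.
check_iptables_setup "$@" || echo "$? check(s) failed"
```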
 
Old 09-17-2005, 05:25 PM   #4
Koven
Member
 
Registered: Dec 2003
Distribution: Arch Linux
Posts: 49

Rep: Reputation: 15
You should paste that code on pastebin.com for easier reading.

Regards
 