LinuxQuestions.org

Linux - Security: Firewall problem (https://www.linuxquestions.org/questions/linux-security-4/firewall-problem-198216/)

Pedroski 06-27-2004 04:20 AM

Firewall problem
 
I keep getting error messages when starting my Stronger firewall taken from the NIS HOWTO.
This is the INPUT policy:
echo -e "\n - Loading INPUT rulesets\n"


#######################################################################
# INPUT: Incoming traffic from various interfaces. All rulesets are
# already flushed and set to a default policy of DROP.
#

# loopback interfaces are valid.
#
$IPTABLES -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT


# local interface, local machines, going anywhere is valid
#
$IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT


# remote interface, claiming to be local machines, IP spoofing, get lost
#
$IPTABLES -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it


# external interface, from any source, for ICMP traffic is valid
#
# If you would like your machine to "ping" from the Internet,
# enable this next line
#
$IPTABLES -A INPUT -i $EXTIF -p ICMP -s $UNIVERSE -d $EXTIP -j ACCEPT


# remote interface, any source, going to permanent PPP address is valid
#
#$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -j ACCEPT


# Allow any related traffic coming back to the MASQ server in
#
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state ESTABLISHED,RELATED \
         -j ACCEPT

and this is what I get:
- Loading INPUT rulesets

Bad argument `ACCEPT'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `state'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/rc.firewall-2.4: line 624: ESTABLISHED,RELATED: command not found
- Loading OUTPUT rulesets
Bad argument `192.168.3.0/24'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0.0.0.0/0'
Try `iptables -h' or 'iptables --help' for more information.
- Loading FORWARD rulesets
- FWD: Allow all connections OUT and only existing/related IN
--- NAT: Enabling SNAT (MASQUERADE) functionality on ppp0 --
iptables v1.2.9: Unknown arg `--to'
Try `iptables -h' or 'iptables --help' for more information.

But will this work?


Stronger rc.firewall-2.4 0.80s done.
Anyone got an idea?

chort 06-27-2004 05:44 PM

You'll probably get a better response over in the Security forum. I'll move it there for you.

Capt_Caveman 06-27-2004 10:37 PM

You might want to try loading just one rule at first and see what the problem is. Try to keep it as simple as possible (remove the variable substitution) and just try adding the first rule at the command line:

iptables -A INPUT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

If that generates an error then it's likely that you don't have the proper iptables modules loaded or support for iptables (or the modules) wasn't included in the kernel.
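Taking the variable substitution out of the picture, as suggested above, is worth doing because the shell can hide the real problem: an unquoted variable that expands to nothing is dropped by word splitting, so "-d $EXTIP -j ACCEPT" reaches iptables as "-d -j ACCEPT". iptables then takes "-j" as the value of -d and reports the leftover word with "Bad argument `ACCEPT'", and a later "-s $EXTIP -d $INTNET" produces "Bad argument `192.168.3.0/24'" the same way. That this is what happened in the original post is a hypothesis, not something the thread confirms (EXTIP is typically derived from ppp0 in these scripts and stays empty if the link is not up yet). The script below is an added example, written here and not taken from the thread or the NIS HOWTO: it checks the variables an rc.firewall script depends on before any iptables call, builds the thread's INPUT rules through a wrapper with a dry-run mode, and shows with show_argv exactly which words iptables would receive. Variable names follow the HOWTO; the interface names and addresses in the demo are constructed values.

```sh
#!/bin/sh
# Added example (not code from the thread or the NIS HOWTO): guard the
# variables an rc.firewall script depends on before any iptables call,
# and build the rules through a wrapper with a dry-run mode, so the
# command lines can be checked without root and without netfilter
# support in the running kernel. Variable names follow the HOWTO
# (IPTABLES, EXTIF, INTIF, INTNET, UNIVERSE, EXTIP); the values used in
# the demo at the bottom are constructed, not taken from any machine.

IPTABLES=${IPTABLES:-/sbin/iptables}
DRYRUN=${DRYRUN:-1}     # 1 = print each rule, 0 = really call iptables

# show_argv: print every word the shell would hand to iptables, in
# brackets. With EXTIP empty and unquoted, "-d $EXTIP -j ACCEPT" arrives
# as [-d][-j][ACCEPT]: the empty word is dropped by word splitting, so
# -d swallows "-j" and ACCEPT is left over as a stray argument.
show_argv() {
    for arg in "$@"; do printf '[%s]' "$arg"; done
    echo
}

# require_set NAME...: return 1 (naming the culprits on stderr) if any of
# the named variables is unset or empty. Call it before loading rules.
require_set() {
    rc=0
    for name in "$@"; do
        eval "val=\${$name:-}"
        if [ -z "$val" ]; then
            echo "rc.firewall: variable $name is empty" >&2
            rc=1
        fi
    done
    return $rc
}

# run_rule ARGS...: refuse an empty argument, then print or execute the
# iptables command. Callers must quote their variables ("$EXTIP"); an
# unquoted empty variable never reaches this check at all.
run_rule() {
    for arg in "$@"; do
        if [ -z "$arg" ]; then
            echo "rc.firewall: empty argument in: $IPTABLES $*" >&2
            return 1
        fi
    done
    if [ "$DRYRUN" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# load_input_rules: the INPUT rules from the thread, quoted and guarded;
# stops at the first rule that cannot be built and returns non-zero.
load_input_rules() {
    require_set IPTABLES EXTIF INTIF INTNET UNIVERSE EXTIP || return 1
    run_rule -A INPUT -i lo -s "$UNIVERSE" -d "$UNIVERSE" -j ACCEPT || return 1
    run_rule -A INPUT -i "$INTIF" -s "$INTNET" -d "$UNIVERSE" -j ACCEPT || return 1
    run_rule -A INPUT -i "$EXTIF" -s "$INTNET" -d "$UNIVERSE" -j drop-and-log-it || return 1
    run_rule -A INPUT -i "$EXTIF" -p ICMP -s "$UNIVERSE" -d "$EXTIP" -j ACCEPT || return 1
    run_rule -A INPUT -i "$EXTIF" -s "$UNIVERSE" -d "$EXTIP" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
}

# count_rules: how many rules load_input_rules emits in dry-run mode for
# the current variables (0 when the guard refuses to start).
count_rules() {
    (DRYRUN=1; load_input_rules 2>/dev/null) | wc -l | tr -d ' '
}

# Demo with constructed values. First run: everything set, five rules.
# Second run: EXTIP left empty, as happens when it is derived from a
# ppp0 that is not up yet; the guard stops before iptables is called.
INTIF=eth0; EXTIF=ppp0; INTNET=192.168.3.0/24; UNIVERSE=0.0.0.0/0
EXTIP=203.0.113.7
load_input_rules && echo "ok: all INPUT rules built"
EXTIP=
show_argv -A INPUT -i $EXTIF -d $EXTIP -j ACCEPT
load_input_rules || echo "stopped: EXTIP is empty (is ppp0 up?)"
```

Run it as-is to see the dry-run command lines; set DRYRUN=0 (as root, with netfilter support in the kernel) to actually load the rules. The two checks are complementary: require_set catches an empty variable before the first rule, and run_rule catches one that slips through as a quoted empty word, but only quoting makes the second check possible, which is why the rules above write "$EXTIP" rather than $EXTIP.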

