LinuxQuestions.org
Old 06-27-2004, 05:20 AM   #1
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,759

Rep: Reputation: 67
Firewall problem


I keep getting error messages when starting my Stronger firewall, taken from the NIS Howto.
This is the input policy:
echo -e "\n - Loading INPUT rulesets\n"


#######################################################################
# INPUT: Incoming traffic from various interfaces. All rulesets are
# already flushed and set to a default policy of DROP.
#

# loopback interfaces are valid.
#
$IPTABLES -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT


# local interface, local machines, going anywhere is valid
#
$IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT


# remote interface, claiming to be local machines, IP spoofing, get lost
#
$IPTABLES -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it


# external interface, from any source, for ICMP traffic is valid
#
# If you would like your machine to "ping" from the Internet,
# enable this next line
#
$IPTABLES -A INPUT -i $EXTIF -p ICMP -s $UNIVERSE -d $EXTIP -j ACCEPT


# remote interface, any source, going to permanent PPP address is valid
#
#$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -j ACCEPT


# Allow any related traffic coming back to the MASQ server in
#
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state
ESTABLISHED,RELATED \ -j ACCEPT

And this is what I get:
- Loading INPUT rulesets

Bad argument `ACCEPT'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `state'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/rc.firewall-2.4: line 624: ESTABLISHED,RELATED: command not found
- Loading OUTPUT rulesets
Bad argument `192.168.3.0/24'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0.0.0.0/0'
Try `iptables -h' or 'iptables --help' for more information.
- Loading FORWARD rulesets
- FWD: Allow all connections OUT and only existing/related IN
--- NAT: Enabling SNAT (MASQUERADE) functionality on ppp0 --
iptables v1.2.9: Unknown arg `--to'
Try `iptables -h' or 'iptables --help' for more information.

but will this work????


Stronger rc.firewall-2.4 0.80s done.
Anyone got an idea?
 
Old 06-27-2004, 06:44 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You'll probably get a better response over in the Security forum. I'll move it there for you.
 
Old 06-27-2004, 11:37 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
You might want to try loading just one rule at first and see what the problem is. Try to keep it as simple as possible (remove the variable substitution) and just try adding the first rule at the command line:

iptables -A INPUT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

If that generates an error then it's likely that you don't have the proper iptables modules loaded or support for iptables (or the modules) wasn't included in the kernel.
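
An added example, not part of any post in this thread: a pre-flight check in POSIX shell for the two failure shapes visible in the error output above. `check_rule_args` flags an option left without a value, which is what an unquoted empty variable produces, and `bad_continuations` flags a backslash that is not the last character on its line, as in the `--state` rule. The function names, the sample's last two lines and the idea that `$EXTIP` is empty are assumptions; the thread does not confirm the cause.

```shell
#!/bin/sh
# Added example: pre-flight checks for an iptables rule script.

# Options that must be followed by a value (subset used in this thread).
NEEDS_VALUE=" -A -s -d -i -o -p -j -m --state --to "

# check_rule_args WORD...: report an option whose value is missing, e.g.
# because an unquoted empty variable vanished. Returns 1 on any finding.
check_rule_args() {
    prev="" bad=0
    for w in "$@"; do
        case $w in
            -*) if [ -n "$prev" ]; then
                    echo "option $prev has no value (next word is $w)"; bad=1
                fi ;;
        esac
        case $NEEDS_VALUE in
            *" $w "*) prev=$w ;;
            *) prev="" ;;
        esac
    done
    if [ -n "$prev" ]; then
        echo "option $prev has no value (end of rule)"; bad=1
    fi
    return $bad
}

# bad_continuations [FILE]: print LINE:TEXT where a backslash is followed by
# whitespace, so it escapes that character instead of joining the next line.
bad_continuations() {
    grep -n '\\[[:space:]]' ${1:+"$1"}
}

# Sample: lines 1-2 are the rule as posted; lines 3-4 are constructed.
sample_script() {
    cat <<'EOF'
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state
ESTABLISHED,RELATED \ -j ACCEPT
$IPTABLES -A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE \
  -j ACCEPT
EOF
}

# Demo: EXTIP is deliberately empty (assumed cause, not confirmed by the thread).
EXTIP=""
sample_script | bad_continuations || true
check_rule_args -A INPUT -i ppp0 -s 0.0.0.0/0 -d $EXTIP -j ACCEPT || true
```

Running `bad_continuations` on the real rule script and `check_rule_args` on each expanded rule before loading it catches both problems without touching the live ruleset.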
 
  

