LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 04-11-2005, 05:04 PM   #1
Ionmag
LQ Newbie
 
Registered: Mar 2005
Posts: 5

Rep: Reputation: 0
Iptables Startup


Hi all. I am trying to get my iptables to work for a little bit of security. Every time I type in Iptables start I get this error:

iptables-restore line 4 failed

Being new to Iptables, I have no idea how to fix this. Has anyone seen this error before?

Thanks for the help
Ionmag
 
Old 04-11-2005, 07:29 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Did you modify any of your iptables scripts? What distro are you using?
 
Old 04-11-2005, 08:09 PM   #3
Ionmag
LQ Newbie
 
Registered: Mar 2005
Posts: 5

Original Poster
Rep: Reputation: 0
Hi. I found a good iptables script on the Gentoo forum and I decided to use that. I am using Gentoo. I could never get it to work at first, so I downloaded that script and still got that error. I don't know if there is something else I am supposed to change or not.

Thanks for helping
Ionmag
 
Old 04-11-2005, 08:16 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I'm assuming that there is an error in the script; could you post it? Line numbers would help too (cat -n script_name).
 
Old 04-11-2005, 08:54 PM   #5
Ionmag
LQ Newbie
 
Registered: Mar 2005
Posts: 5

Original Poster
Rep: Reputation: 0
Here you go...
#!/bin/sh

# Set location of iptables
IPTABLES=/sbin/iptables

# Define interfaces
PUBLIC_IF="eth0"

# Flush current rules
$IPTABLES -t nat -F
$IPTABLES -t filter -F
$IPTABLES -t mangle -F

# Delete custom chains
$IPTABLES -t nat -X
$IPTABLES -t filter -X
$IPTABLES -t mangle -X

# Set default policies
$IPTABLES -t filter -P INPUT DROP
$IPTABLES -t filter -P FORWARD DROP
$IPTABLES -t filter -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P INPUT ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT

# Allow traffic from trusted interfaces
$IPTABLES -A INPUT -i lo -j ACCEPT

# Allow traffic from established connections
$IPTABLES -A INPUT -i $PUBLIC_IF -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow typical ICMP responses
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 
Old 04-11-2005, 11:01 PM   #6
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
The script itself looks ok. The iptables-restore command retrieves a file that contains a saved version of your firewall rules in a special format that is very sensitive to syntax. If you've copied your script over that file or if you've made modifications to it, that may be the cause of the error. Usually the location of this file is /etc/sysconfig/iptables, but that is dependent on your distro (it's a good idea to add it to your LQ profile). If your script is someplace else, then just run it and do iptables-save (on a Red Hat/Fedora distro you can do 'service iptables save'), which will overwrite the old firewall rules. Then try using iptables-restore.
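To show what "line 4 failed" means when the saved-rules file holds a shell script rather than iptables-save output, here is an added example that is not code from this thread. It is a small POSIX sh checker that models how iptables-restore reads its input: blank lines and comments are skipped, a line starting with "*" opens a table, and chain policies (":"), rules ("-A ...") and COMMIT are only valid inside a table; anything else is reported as "line N failed", with N counted from the top of the file. This is an approximation of the real parser (it does not validate rule options), and the three sample files are constructed here, not taken from the thread. Note that the posted script's first non-comment, non-blank line is its line 4 (IPTABLES=/sbin/iptables), which is exactly where a checker of this kind stops.

```sh
#!/bin/sh
# Added example, not code from the thread: a rough checker for the
# iptables-save format that iptables-restore reads. It reports the first
# unacceptable line the way iptables-restore does ("line N failed"). It is an
# approximation of the real parser: it checks only the shape of each line,
# not the options of each rule.

# check_save_format FILE
# Prints "ok", or "line N failed" with N counted from 1 including blank and
# comment lines, which is how iptables-restore numbers them.
check_save_format() {
    in_table=0
    n=0
    result=ok
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*)              # blank line or comment: skipped
                ;;
            '*'*)                 # table header such as "*filter"
                in_table=1 ;;
            ':'*|'-'*|COMMIT)     # chain policy, rule, or end of table;
                if [ "$in_table" -ne 1 ]; then   # valid only inside a table
                    result="line $n failed"
                    break
                elif [ "$line" = COMMIT ]; then
                    in_table=0
                fi ;;
            *)                    # anything else, e.g. a shell assignment
                result="line $n failed"
                break ;;
        esac
    done < "$1"
    echo "$result"
}

# Constructed sample files (written to a temp dir, removed on exit).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

# 1. The first lines of the posted shell script used as the rules file:
#    comment, blank, comment, then a shell assignment on line 4.
SCRIPT_AS_RULES="$SAMPLES/script-as-rules"
printf '%s\n' '#!/bin/sh' '' '# Set location of iptables' \
    'IPTABLES=/sbin/iptables' '$IPTABLES -t filter -F' > "$SCRIPT_AS_RULES"

# 2. Save-format lines pasted without the "*filter" header: fails on line 1.
NO_TABLE_HEADER="$SAMPLES/no-table-header"
printf '%s\n' ':INPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' COMMIT > "$NO_TABLE_HEADER"

# 3. Hand-written iptables-save style output for the posted filter policy.
SAVE_FORMAT="$SAMPLES/rules-save"
printf '%s\n' '# Generated by iptables-save' '*filter' ':INPUT DROP [0:0]' \
    ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT' COMMIT > "$SAVE_FORMAT"

for f in "$SCRIPT_AS_RULES" "$NO_TABLE_HEADER" "$SAVE_FORMAT"; do
    printf '%s: %s\n' "$(basename "$f")" "$(check_save_format "$f")"
done
```

Running it prints "script-as-rules: line 4 failed", "no-table-header: line 1 failed" and "rules-save: ok". The fix the previous post describes follows from this: execute the shell script once so the rules are loaded into the kernel, then write them out with iptables-save to the file the distro's init script feeds to iptables-restore, so that file contains save-format lines (as in sample 3) rather than shell. On Gentoo, which the thread does not state, that file's location is configured in /etc/conf.d/iptables.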
 
  

