LinuxQuestions.org
Old 09-08-2014, 09:06 AM   #1
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Rep: Reputation: Disabled
iptables: bad argument "In_RULE_0"


I'm creating my firewall rules on FirewallBuilder and I noticed it has an "anti spoofing rule" it creates as RULE_0. I'm copying the compiled rules and trying to create a rules file but that rule_0 is not being accepted.

Code:
iptables -A INPUT -i enp0s7 -s $i_enp0s7   -j In_RULE_0 
iptables -A In_RULE_0  -j LOG  --log-level info --log-prefix "RULE 0 -- DENY "
iptables -A In_RULE_0  -j DROP
The output is

Quote:
Bad argument `In_RULE_0'
Try `iptables -h' or 'iptables --help' for more information.
The compiled version with all other commands:

Code:
# ================ Table 'filter', rule set Policy
    # 
    # Rule 0 (enp0s7)
    # 
    echo "Rule 0 (enp0s7)"
    # 
    # anti spoofing rule
    $IPTABLES -N In_RULE_0
    for i_enp0s7 in $i_enp0s7_list
    do
    test -n "$i_enp0s7" && $IPTABLES -A INPUT -i enp0s7   -s $i_enp0s7   -j In_RULE_0 
    done
    for i_enp0s7 in $i_enp0s7_list
    do
    test -n "$i_enp0s7" && $IPTABLES -A FORWARD -i enp0s7   -s $i_enp0s7   -j In_RULE_0 
    done
    $IPTABLES -A In_RULE_0  -j LOG  --log-level info --log-prefix "RULE 0 -- DENY "
    $IPTABLES -A In_RULE_0  -j DROP

Last edited by Amarildo; 09-09-2014 at 12:50 PM.
 
Old 09-08-2014, 10:38 AM   #2
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,797

Rep: Reputation: 943
Try adding "echo" in place of commands in script, to see what it really does

eg
Code:
echo "Rule 0 (enp0s7)"
echo $IPTABLES -N In_RULE_0
for i_enp0s7 in $i_enp0s7_list
  do
    echo "test -n $i_enp0s7"
    # quote the variable: an unquoted empty value makes "test -n" succeed
    test -n "$i_enp0s7" && echo "$IPTABLES -A INPUT -i enp0s7   -s $i_enp0s7   -j In_RULE_0"
  done

# etc...
 
Old 09-08-2014, 10:58 AM   #3
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
Actually the compiled version works fine, but I don't want to run it as a script. I'm trying to enter the commands directly in the terminal, using only 'iptables'.

Last edited by Amarildo; 09-08-2014 at 11:03 AM.
 
Old 09-08-2014, 11:54 AM   #4
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,797

Rep: Reputation: 943
Do you define $i_enp0s7 and RULE_0 chain in command line then?

Last edited by keefaz; 09-08-2014 at 11:55 AM.
 
Old 09-08-2014, 07:48 PM   #5
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by keefaz View Post
Do you define $i_enp0s7 and RULE_0 chain in command line then?
Sorry, I'm not sure I understood what you just said. It's a problem with my English, really :P
 
Old 09-09-2014, 04:10 AM   #6
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,797

Rep: Reputation: 943
Before using In_RULE_0 chain, you have to define it with iptables -N In_RULE_0

and before using $i_enp0s7 variable, you have to assign it a value, like: i_enp0s7=192.168.0.10
 
Old 09-09-2014, 09:57 AM   #7
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
Oh. Yes, of course I do that.

Here's a screenshot.
http://s18.postimg.org/swd06r1zd/snapshot5.png
 
Old 09-09-2014, 10:16 AM   #8
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,797

Rep: Reputation: 943
I don't see any value assigned to $i_enp0s7 in " -s $i_enp0s7 " argument
 
Old 09-09-2014, 12:08 PM   #9
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by keefaz View Post
I don't see any value assigned to $i_enp0s7 in " -s $i_enp0s7 " argument
What value do you think I should specify?

Regards.
 
Old 09-09-2014, 12:24 PM   #10
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,797

Rep: Reputation: 943
An IP address for -s option...

man iptables
Code:
       [!] -s, --source address[/mask][,...]
              Source specification. Address can be either a  network  name,  a
              hostname,  a  network  IP  address  (with  /mask), or a plain IP
              address. Hostnames will be resolved once only, before  the  rule
              is  submitted  to  the  kernel.  Please note that specifying any
              name to be resolved with a remote query such as DNS is a  really
              bad idea.  The mask can be either a network mask or a plain num-
              ber, specifying the number of 1's at the left side of  the  net-
              work  mask.   Thus, a mask of 24 is equivalent to 255.255.255.0.
              A "!" argument before  the  address  specification  inverts  the
              sense  of  the  address.  The  flag  --src  is an alias for this
              option.  Multiple addresses can  be  specified,  but  this  will
              expand  to  multiple  rules (when adding with -A), or will cause
              multiple rules to be deleted (with -D).
 
Old 09-09-2014, 12:33 PM   #11
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
Others have suggested I put my IP address there too, but that would be impractical since my IP changes every day. That's why I'm looking for a way to set my card instead of my IP.

I tested that rule with my host name and it worked (I guess). Maybe that provides me with the same protection as if my IP address was specified?

EDIT: Yes! My IP is automatically assigned if I specify my host name.

Code:
-A INPUT -s -myIP- -i enp0s7 -j In_RULE_0

Last edited by Amarildo; 09-09-2014 at 12:54 PM.
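
The failure discussed in this thread, as an added example that is not part of any post above and is not FirewallBuilder output: when `$i_enp0s7` is empty, `-s` takes `-j` as its address and `In_RULE_0` is left over as a stray word, which iptables reports as a bad argument. The sketch below reads the interface's current IPv4 addresses from `ip -o -4 addr show` output, prints the rules in the same order as the compiled script, and refuses to print anything when no address is available. The function names `addrs_from_ip_output` and `antispoof_rules` and the sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print the anti-spoofing rules for one interface and refuse
# to build a rule from an empty source address.

# Constructed sample of `ip -o -4 addr show dev enp0s7` output (one line).
SAMPLE_ADDR_OUTPUT='2: enp0s7    inet 192.0.2.10/24 brd 192.0.2.255 scope global dynamic enp0s7\       valid_lft 86000sec preferred_lft 86000sec'

# Read `ip -o -4 addr show` output on stdin and print each bare IPv4
# address (the field after "inet", with the /prefix removed).
addrs_from_ip_output() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "inet") { split($(i + 1), a, "/"); print a[1] } }'
}

# antispoof_rules IFACE "ADDR1 ADDR2 ...": print the iptables commands.
# Returns 1 and prints nothing on stdout when the address list is empty.
antispoof_rules() {
    iface=$1
    addr_list=$2
    chain=In_RULE_0
    if [ -z "$addr_list" ]; then
        echo "no address for $iface: refusing to emit '-s' without a value" >&2
        return 1
    fi
    # The chain must exist before any rule can jump to it.
    echo "iptables -N $chain"
    for hook in INPUT FORWARD; do
        for addr in $addr_list; do
            echo "iptables -A $hook -i $iface -s $addr -j $chain"
        done
    done
    echo "iptables -A $chain -j LOG --log-level info --log-prefix \"RULE 0 -- DENY \""
    echo "iptables -A $chain -j DROP"
}

# Demonstration on the constructed sample; prints five commands.
antispoof_rules enp0s7 "$(printf '%s\n' "$SAMPLE_ADDR_OUTPUT" | addrs_from_ip_output)"

# Live use (assumes iproute2 is installed); review the output before piping to sh:
#   antispoof_rules enp0s7 "$(ip -o -4 addr show dev enp0s7 | addrs_from_ip_output)"
```

Because the addresses are read when the rules are generated, the output has to be regenerated whenever the interface gets a new lease.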
 
  

