LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 04-29-2006, 05:42 PM   #1
rustyz82
Member
 
Registered: May 2004
Posts: 69

Rep: Reputation: 15
IPTables Failing to Apply


Ok I have the following iptables file:

Code:
# Generated by webmin
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -o venet0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A FORWARD -i venet0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
-A OUTPUT -o venet0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A INPUT -i venet0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
COMMIT
# Completed
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# SSHD Abuse #1
-A INPUT -s x.x.x.x -j DROP
# SSHD Abuse #2
-A INPUT -s x.x.x.x -j DROP
COMMIT
# Completed
When I try to apply my changes I get the following:

Code:
Failed to apply configuration : 
Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: mangle filter [  OK  ]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: iptables-restore: line 10 failed
[FAILED]
I'm using webmin to edit the rules, and if thats the source of the problem i can figure a way around it but I dont see anything that would cause that in the file. Of course the x.x.x.x's are real ip addresses but no one wants to know those It looks like the line that is failing is COMMIT, but without this the rules wont show up. Any suggestions?

Last edited by rustyz82; 04-29-2006 at 09:57 PM.
 
Old 05-01-2006, 02:41 AM   #2
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
well - your firewall policy looks pretty open. Basically you're accepting everything that you don't know is wrong. Only dropping packets from a specific IP. You will end up with lots of abuses and a long long list of IPs since abusers change IP's frequently.

A better policy is to drop everything and only accept packets that you specify by the rules. You'll know when you need to open something because then it dosn't work. And there ain't nobody gets in without you knowing about it.

The COMMIT in line 10 applies the rules in the previous 9 lines. Take a closer look at those -j LOG lines. I think you'll find those don't work. Try applying the rules without them (you can do without logging the bandwidth for a little while can't you?)

Now me: I don't use these sortf of things to administer iptables. I stick the rules in a bash script...
 
Old 05-01-2006, 04:51 PM   #3
rustyz82
Member
 
Registered: May 2004
Posts: 69

Original Poster
Rep: Reputation: 15
I am aware it is rather open, which is what I was working on fixing. Those log rules do work as they are for a bandwidth monitoring script I am using, but your right if i take those out it works fine. What I don't get is whats wrong with those rules. They do work as the monitoring script has been recording the bandwidth for the last month.
 
Old 05-01-2006, 09:16 PM   #4
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
If iptables rules don't load, how do you know the log lines work?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPtables failing to load: unknown ruleset bureado Linux - Software 3 06-19-2008 11:32 PM
eth1 failing on boot, IEEE firewire card driver failing, help jackuss_169 Linux - Laptop and Netbook 5 03-05-2005 08:34 AM
iptables:cannot apply dscp.patch greklas Linux - Software 0 09-08-2004 11:29 AM
iptables how can ii apply my firewall to others reaky Linux - Networking 15 06-27-2004 08:17 AM
IPTables and a failing forwarding devscripts Linux - Networking 1 04-08-2003 10:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:21 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration