LinuxQuestions.org

Script file problem (or operator problem) HELP!

lostone 05-15-2001 08:01 PM

I have installed Red Hat 7.1 on a machine and begun attempting to create a firewall using iptables. I believe I know what I need to do to make it happen but I began to write a script file which does not work as I expect it to. I shortened the file up to try to figure out what's happening. This is my script named rc.firewall

#!/bin/sh
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
exit 0

iptables is the program name, -P means change the default policy of the chain, INPUT is the chain, and DROP is the policy I want.

If I type the lines for iptables from the prompt the policy changes as expected.

When I attempt to run my script by typing sh rc.firewall, from the appropriate directory, I get the following,

iptables: Bad policy name
iptables: Bad policy name
iptables: Bad policy name
'c.firewall: exit: bad non-numeric arg `0

It appears to me that iptables is run from the script, it recognizes the -P to change the policy, I believe it recognizes the chain name but drops the ball on the policy. Yes, it is case sensitive and I am using the correct case. I have tried both. Further, it does not seem to recognize 0 (zero) as a valid argument after exit. However, typing sh to enter the shell then exit 0 doesn't generate an error message. Just for more info, from the shell I typed exit n, a letter instead of a number, and got the error message. Also I edited the script and put a semi-colon after the zero and that error message went away. Okay, what have I done wrong? Thanks in advance to whoever knows what's going on.

crabboy 05-15-2001 09:30 PM

I typed in the script you posted and got the results I expected. The script ran successfully and I had to trek down to my basement to rerun my firewall script on the console. (I lost my ssh)

I'm guessing that you have a problem with your shell. My system has a sym link for /bin/sh to bash. My bash is located in /usr/bin/bash. You may want to try to replace #!/bin/sh with #!/bin/bash in your script and run the script with bash ./rc.firewall.

If that also fails, try to run bash in debug mode with the -x option:

bash -x rc.firewall

Good Luck

Gary
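A further check alongside the debugging steps above, added here as an example and not part of the original thread: the output in the question (the quote character landing at the start of the line, and exit rejecting 0) is consistent with a script saved with DOS-style CRLF line endings, a diagnosis nobody in the thread states. The function names and the sample file below are constructed for illustration; the script is only inspected, never run, so no firewall rules change.

```shell
#!/bin/sh
# Added example: find and strip carriage returns in a shell script.
# With CRLF endings, iptables receives "DROP<CR>" as the policy name and
# exit receives "0<CR>", so the policies are never applied.

CR=$(printf '\r')   # a literal carriage return character

# Return 0 if the file contains at least one carriage return.
has_cr() {
    grep -q "$CR" "$1"
}

# Print the numbers of the lines that end in a carriage return.
cr_lines() {
    grep -n "${CR}\$" "$1" | cut -d: -f1
}

# Write a copy of $1 to $2 with every carriage return removed.
strip_cr() {
    tr -d '\r' < "$1" > "$2"
}

# Constructed sample: part of the script from the question, saved with CRLF.
sample=$(mktemp)
printf '#!/bin/sh\r\niptables -P INPUT DROP\r\nexit 0\r\n' > "$sample"

if has_cr "$sample"; then
    echo "carriage returns on lines: $(cr_lines "$sample" | tr '\n' ' ')"
    strip_cr "$sample" "$sample.fixed"
    echo "cleaned copy written to $sample.fixed"
else
    echo "no carriage returns found"
fi
```

For a firewall script this matters beyond the error messages: the chain policies stay at whatever they were before, so confirm the result with iptables -L after the cleaned script runs.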

#! 05-23-2001 02:30 PM

Go check out http://www.linux-firewall-tools.com -- they have a tool there that will set up a good firewall script tailored to your network. iptables was still experimental last I looked, but it'll at least give you a starting point if nothing else.

Good Luck


All times are GMT -5.