I need help , please

I need help , please

[david]

[-- Attachment #1.1: Type: text/plain, Size: 521 bytes --]

Hi:
 
I have been using ipchains for a long time , but know i want to turn to iptables.
I have a script file in /etc/rc.d/init.d/iptables

What I do is :

# service iptables save
 
after that  I got a new file in /etc/sysconfig/iptables .
and then :

#/etc/rc.d/init.d/ipchains restart
 
First I got a lot of errrors and  it does not seem to apply my rules, because if for example ,I comment (#) the rules for http client , it allow me to get the web anyway.
 
I use Red Hat 7.2 and Here's my script,
 

[-- Attachment #1.2: Type: text/html, Size: 1470 bytes --]

[-- Attachment #2: Iptables.zip --]
[-- Type: application/x-compressed, Size: 5119 bytes --]

Re: I need help , please

[david]

[-- Attachment #1.1: Type: text/plain, Size: 1499 bytes --]

It was a mistake.What I do is

# service iptables save
after that  I got a new file in /etc/sysconfig/iptables .
and then :
#/etc/rc.d/init.d/iptables restart 2>salida8
.And here you see all the errors.

david





  ----- Original Message ----- 
  From: jesse.linux 
  To: david@aid.inf.cu 
  Sent: Thursday, July 04, 2002 8:13 AM
  Subject: RE: I need help , please


  if u want to use iptables, why did u restart ipchains?...
   
  pls give more info...
   
  From: "david" <david@aid.inf.cu>
  To: <netfilter@lists.samba.org>
  Subject:  I need help , please
  Date: Wed, 3 Jul 2002 08:47:57 +0200

  This is a multi-part message in MIME format.

  ------=_NextPart_000_0053_01C2226E.542764D0
  Content-Type: multipart/alternative;
  boundary="----=_NextPart_001_0054_01C2226E.542764D0"


  ------=_NextPart_001_0054_01C2226E.542764D0
  Content-Type: text/plain;
  charset="iso-8859-1"
  Content-Transfer-Encoding: quoted-printable

  Hi:
  =20
  I have been using ipchains for a long time , but know i want to turn to =
  iptables.
  I have a script file in /etc/rc.d/init.d/iptables

  What I do is :

  # service iptables save
  =20
  after that  I got a new file in /etc/sysconfig/iptables .
  and then :

  #/etc/rc.d/init.d/ipchains restart
  =20
  First I got a lot of errrors and  it does not seem to apply my rules, =
  because if for example ,I comment (#) the rules for http client , it =
  allow me to get the web anyway.

[-- Attachment #1.2: Type: text/html, Size: 2998 bytes --]

[-- Attachment #2: salida8 --]
[-- Type: application/octet-stream, Size: 5807 bytes --]

/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
iptables: No chain/target/match by that name
iptables v1.2.3: can't initialize iptables table `nat\r': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
/etc/rc.d/init.d/iptables: \r: command not found
iptables: Table does not exist (do you need to insmod?)
/etc/rc.d/init.d/iptables: \r: command not found
iptables: Bad policy name
iptables: Bad policy name
iptables: Bad policy name
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `ACCEPT\r'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.3: Invalid target name `ACCEPT\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `ACCEPT\r'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.3: Invalid target name `ACCEPT\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: -s: command not found
/etc/rc.d/init.d/iptables: \r: command not found
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: -i: command not found
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `MASQUERADE\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.3: Invalid target name `DROP\r'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
/etc/rc.d/init.d/iptables: \r: command not found
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: --source-port: command not found
/etc/rc.d/init.d/iptables: -d: command not found
/etc/rc.d/init.d/iptables: \r: command not found
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/iptables: -s: command not found
/etc/rc.d/init.d/iptables: --destination-port: command not found
/etc/rc.d/init.d/iptables: \r: command not found

Re: I need help , please

[david]

I amtrying to set a dns and proxy server


----- Original Message -----
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.samba.org>
Sent: Thursday, July 04, 2002 4:53 PM
Subject: Re: I need help , please


> On Thursday 04 July 2002 9:38 am, david wrote:
>
> > It was a mistake.What I do is
> >
> > # service iptables save
> > after that  I got a new file in /etc/sysconfig/iptables .
> > and then :
> > #/etc/rc.d/init.d/iptables restart 2>salida8
> > .And here you see all the errors.
>
> What rules are you trying to set ?
>
> Have you compiled all the required bits of iptables into the kernel or are
> you loading modules ?
>
>
>
> Antony.

Re: I need help , please

[Antony Stone]

On Thursday 04 July 2002 9:38 am, david wrote:

> It was a mistake.What I do is
>
> # service iptables save
> after that  I got a new file in /etc/sysconfig/iptables .
> and then :
> #/etc/rc.d/init.d/iptables restart 2>salida8
> .And here you see all the errors.

What rules are you trying to set ?

Have you compiled all the required bits of iptables into the kernel or are 
you loading modules ?

 

Antony.

Re: I need help , please

[david]

[-- Attachment #1: Type: text/plain, Size: 1541 bytes --]

Yes , the kernel has  iptable enable:

Network packet filtering Y
IP netfilter configuration Y
IP tables support Y

and all the others components are compiled like modules

  ----- Original Message ----- 
  From: Michael Mimo 
  To: david 
  Sent: Thursday, July 04, 2002 10:10 PM
  Subject: Re: I need help , please


  i am trying to help, but what I need are a copy of the errors you are getting. Also, I need to know if the kernel has iptables enabled. 
    ----- Original Message ----- 
    From: david 
    To: Michael Mimo 
    Sent: Thursday, July 04, 2002 9:43 AM
    Subject: Re: I need help , please


    here they are
    thanks

    david
      ----- Original Message ----- 
      From: Michael Mimo 
      To: david 
      Sent: Thursday, July 04, 2002 9:03 PM
      Subject: Re: I need help , please


      can you print the erros in an e-mail I am having trouble opening the file you sent. by the way did you verify that the kernel has iptables enabled?
        ----- Original Message ----- 
        From: david 
        To: Michael Mimo 
        Sent: Thursday, July 04, 2002 4:51 AM
        Subject: Re: I need help , please


        Here they are.
        thank

        david
          ----- Original Message ----- 
          From: Michael Mimo 
          To: david@aid.inf.cu 
          Sent: Thursday, July 04, 2002 5:48 AM
          Subject: RE: I need help , please


          what errors did you get. Did you compile the kernel of 7.2 with iptables enabled?

[-- Attachment #2: Type: text/html, Size: 5436 bytes --]

Re: I need help , please

[Antony Stone]

On Thursday 04 July 2002 1:00 pm, david wrote:

> I amtrying to set a dns and proxy server

I assume this means you want to run DNS and an http proxy such as squid on 
the machine running the Firewall.   If this is not correct, post again and 
tell us what iptables rules you are trying to set up (which is what I was 
trying to ask).

Anyway, if that is the correct assumption, how about a set of rules such as 
this ?

# Standard default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Allow in DNS requests
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
# Allow out DNS requests
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
# Redirect http requests to local proxy
iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT 127.0.0.1:80
# Allow proxy requests out of machine
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
# Allow replies etc back in again
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

 

Antony.

> ----- Original Message -----
> From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> To: <netfilter@lists.samba.org>
> Sent: Thursday, July 04, 2002 4:53 PM
> Subject: Re: I need help , please
>
> > On Thursday 04 July 2002 9:38 am, david wrote:
> > > It was a mistake.What I do is
> > >
> > > # service iptables save
> > > after that  I got a new file in /etc/sysconfig/iptables .
> > > and then :
> > > #/etc/rc.d/init.d/iptables restart 2>salida8
> > > .And here you see all the errors.
> >
> > What rules are you trying to set ?
> >
> > Have you compiled all the required bits of iptables into the kernel or
> > are you loading modules ?
> >
> >
> >
> > Antony.

Re: I need help , please

[Jan Humme]

On Thursday 04 July 2002 20:20, Antony Stone wrote:
> On Thursday 04 July 2002 1:00 pm, david wrote:
> > I amtrying to set a dns and proxy server
>
> I assume this means you want to run DNS and an http proxy such as squid on
> the machine running the Firewall.   If this is not correct, post again and
> tell us what iptables rules you are trying to set up (which is what I was
> trying to ask).
>
> Anyway, if that is the correct assumption, how about a set of rules such as
> this ?
>
> # Standard default policies
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
> # Allow in DNS requests
> iptables -A INPUT -p tcp --dport 53 -j ACCEPT
> iptables -A INPUT -p udp --dport 53 -j ACCEPT
> # Allow out DNS requests
> iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
> iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
> # Redirect http requests to local proxy
> iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT 127.0.0.1:80

Anthony, just for my understanding: is this any different from:

iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT   ?

Jan Humme.

Re: I need help , please

[Antony Stone]

On Thursday 04 July 2002 7:48 pm, Jan Humme wrote:

> On Thursday 04 July 2002 20:20, Antony Stone wrote:

> > # Redirect http requests to local proxy
> > iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT 127.0.0.1:80
>
> Antony, just for my understanding: is this any different from:
>
> iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT   ?

No.   I just find the name 'redirect' a bit ambiguous (I mean, it could 
redirect it somewhere else, couldn't it, but no, it only redirects it to the 
local machine...) therefore I use DNAT which I'm familiar with from other 
uses.

 

Antony.

Re: I need help , please

[Jan Humme]

On Thursday 04 July 2002 20:51, Antony Stone wrote:
> On Thursday 04 July 2002 7:48 pm, Jan Humme wrote:
> > On Thursday 04 July 2002 20:20, Antony Stone wrote:
> > > # Redirect http requests to local proxy
> > > iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT 127.0.0.1:80
> >
> > Antony, just for my understanding: is this any different from:
> >
> > iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT   ?
>
> No.   I just find the name 'redirect' a bit ambiguous (I mean, it could
> redirect it somewhere else, couldn't it, but no, it only redirects it to
> the local machine...) therefore I use DNAT which I'm familiar with from
> other uses.

OK, and agree.

But I am somewhat surprised to find such redundant syntax at this level.

Jan Humme.

Re: I need help , please

[Antony Stone]

On Thursday 04 July 2002 7:59 pm, Jan Humme wrote:

> On Thursday 04 July 2002 20:51, Antony Stone wrote:
> > On Thursday 04 July 2002 7:48 pm, Jan Humme wrote:
> > > On Thursday 04 July 2002 20:20, Antony Stone wrote:
> > > > # Redirect http requests to local proxy
> > > > iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT 127.0.0.1:80
> > >
> > > Antony, just for my understanding: is this any different from:
> > >
> > > iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT   ?
> >
> > No.   I just find the name 'redirect' a bit ambiguous (I mean, it could
> > redirect it somewhere else, couldn't it, but no, it only redirects it to
> > the local machine...) therefore I use DNAT which I'm familiar with from
> > other uses.
>
> OK, and agree.
>
> But I am somewhat surprised to find such redundant syntax at this level.

I could have written it as

iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT 127.0.0.1

if you prefer :-)

 

Antony.

Re: I need help , please

[Jan Humme]

On Thursday 04 July 2002 21:01, Antony Stone wrote:
> On Thursday 04 July 2002 7:59 pm, Jan Humme wrote:
> > On Thursday 04 July 2002 20:51, Antony Stone wrote:
> > > On Thursday 04 July 2002 7:48 pm, Jan Humme wrote:
> > > > On Thursday 04 July 2002 20:20, Antony Stone wrote:
> > > > > # Redirect http requests to local proxy
> > > > > iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT
> > > > > 127.0.0.1:80
> > > >
> > > > Antony, just for my understanding: is this any different from:
> > > >
> > > > iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT   ?
> > >
> > > No.   I just find the name 'redirect' a bit ambiguous (I mean, it could
> > > redirect it somewhere else, couldn't it, but no, it only redirects it
> > > to the local machine...) therefore I use DNAT which I'm familiar with
> > > from other uses.
> >
> > OK, and agree.
> >
> > But I am somewhat surprised to find such redundant syntax at this level.
>
> I could have written it as
>
> iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT 127.0.0.1
>
> if you prefer :-)

I was in fact refering to the redundant design of the iptables syntax, and 
not to your beautiful piece of nat-art, Anthony ;-) !

Jan Humme. 

RE: I need help , please

[George Vieira]

[-- Attachment #1: Type: text/plain, Size: 2037 bytes --]

Check using `lsmod` that ipchains isn't loaded. RedHat starts BOTH ipchains
and iptables in the setup so of course ipchains starts first and then
iptables gives errors..
 
rmmod ipchains
/etc/init.d/iptables restart
 

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au <http://www.citadelcomputer.com.au/> 

-----Original Message-----
From: david [mailto:david@aid.inf.cu]
Sent: Thursday, 04 July 2002 6:39 PM
To: jesse.linux
Cc: netfilter@lists.samba.org
Subject: Re: I need help , please


It was a mistake.What I do is
 
# service iptables save
after that  I got a new file in /etc/sysconfig/iptables .
and then :
#/etc/rc.d/init.d/iptables restart 2>salida8
.And here you see all the errors.
 
david
 
 
 
 
 

----- Original Message ----- 
From: jesse.linux <mailto:jdelima@inq7.net>  
To: david@aid.inf.cu <mailto:david@aid.inf.cu>  
Sent: Thursday, July 04, 2002 8:13 AM
Subject: RE: I need help , please

if u want to use iptables, why did u restart ipchains?...
 
pls give more info...
 
From: "david" < david@aid.inf.cu <mailto:david@aid.inf.cu> >
To: < netfilter@lists.samba.org <mailto:netfilter@lists.samba.org> >
Subject:  I need help , please
Date: Wed, 3 Jul 2002 08:47:57 +0200

This is a multi-part message in MIME format.

------=_NextPart_000_0053_01C2226E.542764D0
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0054_01C2226E.542764D0"


------=_NextPart_001_0054_01C2226E.542764D0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi:
=20
I have been using ipchains for a long time , but know i want to turn to =
iptables.
I have a script file in /etc/rc.d/init.d/iptables

What I do is :

# service iptables save
=20
after that  I got a new file in /etc/sysconfig/iptables .
and then :

#/etc/rc.d/init.d/ipchains restart
=20
First I got a lot of errrors and  it does not seem to apply my rules, =
because if for example ,I comment (#) the rules for http client , it =
allow me to get the web anyway.


[-- Attachment #2: Type: text/html, Size: 4187 bytes --]

Re: I need help , please

[david]

[-- Attachment #1: Type: text/plain, Size: 2129 bytes --]

OK , I agree.In fact I  am just trying.
I heve tested a simpler script :

# Standard default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

am here you have the output.
/etc/rc.d/init.d/iptables : command not found
iptables: bad police name
iptables: bad police name
iptables: bad police name
/etc/rc.d/init.d/iptables : command not found


  ----- Original Message ----- 
  From: Ed Street 
  Cc: netfilter@lists.samba.org 
  Sent: Friday, July 05, 2002 4:23 PM
  Subject: RE: I need help , please


  Hello,

   

  First this script is not coded that well (not clean at all) second I would recommend changing scripts.  If you are going to keep this script I would urge you to do some serious house cleaning.  For the errors you can put breakpoints thru the script to determine the problems (bet there's several here)

   

  This type of script is not something you should just pick up and run blindly.

   

  Ed

   

  -----Original Message-----
  From: netfilter-admin@lists.samba.org [mailto:netfilter-admin@lists.samba.org] On Behalf Of david
  Sent: Friday, July 05, 2002 4:01 AM
  To: mimom@rcn.com; George Vieira; jesse.linux
  Cc: netfilter@lists.samba.org
  Subject: Fw: I need help , please

   

  Hi:

   

  George and Jesse:

   

  Here i am sending you all that I have done:

  KERNEL

  Enable loadble modulo support   Y

  Network packet Filtering  Y

  IP netfilter configuration   Y

  IP table support   Y

   

  everything else as modules.

   

  make bzImage

  make modules

  make modules_Install

  reboot

  uname -a

  ===============================================================================

   

  chkconfig --level 0123456 ipchains off

  /etc/rc.d/init.d/ipchains stop

  chkconfig --level 2345 iptables on

  /etc/rc.d/init.d/iptables start

  =============================================================================

   

  Here are my script (/etc/rc.d/init.d/iptables) and the errors.

   

  david

   

  Thanks to all of you


[-- Attachment #2: Type: text/html, Size: 13451 bytes --]

Re: I need help , please

[david]

iptables:Bad built-in change name

david




 ----- Original Message ----- 
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.samba.org>
Sent: Friday, July 05, 2002 6:00 PM
Subject: Re: I need help , please


> On Friday 05 July 2002 10:25 am, david wrote:
> 
> > OK , I agree.In fact I  am just trying.
> > I heve tested a simpler script :
> >
> > # Standard default policies
> > iptables -P INPUT DROP
> > iptables -P FORWARD DROP
> > iptables -P OUTPUT DROP
> >
> > am here you have the output.
> > /etc/rc.d/init.d/iptables : command not found
> > iptables: bad police name
> > iptables: bad police name
> > iptables: bad police name
> > /etc/rc.d/init.d/iptables : command not found
> 
> Do you have . in your path ???   It looks to me as though you're in 
> /etc/rc.d/init.d when you type this, and it's trying to run the iptables 
> script in the local directory instead of the iptables binary in /sbin
> 
> What happens if you cd to /root and type
> iptables -P INPUT DROP
> 
>  
> 
> Antony.

Re: I need help , please

[david]

Antony;

#iptables -P INPUD DROP
iptables:Bad built in chain name

if I turn to:
#iptables -P inpud DROP
iptables:Bad built in chain name

if I try:
#iptables -p inpud DROP
iptables v1.2.3: unknown protocol `inpud` specified

thanks again tony

david

----- Original Message -----
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.samba.org>
Sent: Friday, July 05, 2002 6:35 PM
Subject: Re: I need help , please


> On Friday 05 July 2002 11:18 am, david wrote:
>
> > iptables:Bad built-in change name
>
> What *exactly* did you type (punctuation as well) and what *exactly* is
the
> response ?
>
> The command I want you to try is
>
> iptables -P INPUT DROP
>
> That is:
> "iptables" in lower case
> a space
> a hyphen or minus sign
> a capital P
> a space
> "INPUT" in capitals
> a space
> "DROP" in capitals
> <enter>.
>
> If you really do get an error in response to this, your system is very
sick.
>
>
>
> Antony.
>
> >  ----- Original Message -----
> > From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> > To: <netfilter@lists.samba.org>
> > Sent: Friday, July 05, 2002 6:00 PM
> > Subject: Re: I need help , please
> >
> > > On Friday 05 July 2002 10:25 am, david wrote:
> > > > OK , I agree.In fact I  am just trying.
> > > > I heve tested a simpler script :
> > > >
> > > > # Standard default policies
> > > > iptables -P INPUT DROP
> > > > iptables -P FORWARD DROP
> > > > iptables -P OUTPUT DROP
> > > >
> > > > am here you have the output.
> > > > /etc/rc.d/init.d/iptables : command not found
> > > > iptables: bad police name
> > > > iptables: bad police name
> > > > iptables: bad police name
> > > > /etc/rc.d/init.d/iptables : command not found
> > >
> > > Do you have . in your path ???   It looks to me as though you're in
> > > /etc/rc.d/init.d when you type this, and it's trying to run the
iptables
> > > script in the local directory instead of the iptables binary in /sbin
> > >
> > > What happens if you cd to /root and type
> > > iptables -P INPUT DROP
> > >
> > >
> > >
> > > Antony.

Re: I need help , please

[david]

which iptables
/sbin/iptables

Let me say you something.I have a smp kernel(simetric multi procesor kernel)
, maybe that is the reason


----- Original Message -----
From: "Joe Patterson" <jpatterson@asgardgroup.com>
To: "david" <david@aid.inf.cu>; "Antony Stone" <Antony@Soft-Solutions.co.uk>
Cc: <netfilter@lists.samba.org>
Sent: Friday, July 05, 2002 6:45 PM
Subject: RE: I need help , please


> next tell us the output of these commands:
>
> which iptables
> file `which iptables`
>
> and did you mean to mis-spell INPUT as INPUD?
>
> -Joe
>
>
> > -----Original Message-----
> > From: netfilter-admin@lists.samba.org
> > [mailto:netfilter-admin@lists.samba.org]On Behalf Of david
> > Sent: Friday, July 05, 2002 6:37 AM
> > To: Antony Stone
> > Cc: netfilter@lists.samba.org
> > Subject: Re: I need help , please
> >
> >
> > Antony;
> >
> > #iptables -P INPUD DROP
> > iptables:Bad built in chain name
> >
> > if I turn to:
> > #iptables -P inpud DROP
> > iptables:Bad built in chain name
> >
> > if I try:
> > #iptables -p inpud DROP
> > iptables v1.2.3: unknown protocol `inpud` specified
> >
> > thanks again tony
> >
> > david
> >
> > ----- Original Message -----
> > From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> > To: <netfilter@lists.samba.org>
> > Sent: Friday, July 05, 2002 6:35 PM
> > Subject: Re: I need help , please
> >
> >
> > > On Friday 05 July 2002 11:18 am, david wrote:
> > >
> > > > iptables:Bad built-in change name
> > >
> > > What *exactly* did you type (punctuation as well) and what *exactly*
is
> > the
> > > response ?
> > >
> > > The command I want you to try is
> > >
> > > iptables -P INPUT DROP
> > >
> > > That is:
> > > "iptables" in lower case
> > > a space
> > > a hyphen or minus sign
> > > a capital P
> > > a space
> > > "INPUT" in capitals
> > > a space
> > > "DROP" in capitals
> > > <enter>.
> > >
> > > If you really do get an error in response to this, your system is very
> > sick.
> > >
> > >
> > >
> > > Antony.
> > >
> > > >  ----- Original Message -----
> > > > From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> > > > To: <netfilter@lists.samba.org>
> > > > Sent: Friday, July 05, 2002 6:00 PM
> > > > Subject: Re: I need help , please
> > > >
> > > > > On Friday 05 July 2002 10:25 am, david wrote:
> > > > > > OK , I agree.In fact I  am just trying.
> > > > > > I heve tested a simpler script :
> > > > > >
> > > > > > # Standard default policies
> > > > > > iptables -P INPUT DROP
> > > > > > iptables -P FORWARD DROP
> > > > > > iptables -P OUTPUT DROP
> > > > > >
> > > > > > am here you have the output.
> > > > > > /etc/rc.d/init.d/iptables : command not found
> > > > > > iptables: bad police name
> > > > > > iptables: bad police name
> > > > > > iptables: bad police name
> > > > > > /etc/rc.d/init.d/iptables : command not found
> > > > >
> > > > > Do you have . in your path ???   It looks to me as though you're
in
> > > > > /etc/rc.d/init.d when you type this, and it's trying to run the
> > iptables
> > > > > script in the local directory instead of the iptables
> > binary in /sbin
> > > > >
> > > > > What happens if you cd to /root and type
> > > > > iptables -P INPUT DROP
> > > > >
> > > > >
> > > > >
> > > > > Antony.
> >
> >
> >
> >

Re: I need help , please

[david]

Tony:

#echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:
/root/bin

how you can see iptables is in the PATH


david


----- Original Message -----
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.samba.org>
Sent: Friday, July 05, 2002 6:54 PM
Subject: Re: I need help , please


> On Friday 05 July 2002 5:45 pm, Joe Patterson wrote:
>
> > next tell us the output of these commands:
> >
> > which iptables
> > file `which iptables`
>
> I think we should point out that the ` symbols above are the backtick
> character (probably at the top left of your keyboard), and not the
apostrophe.
>
> Also, please can you tell us what you get in response to
> echo $PATH
>
>
>
> Antony.

Re: I need help , please

[david]

Yes tony ,but I do not know what to do with these rules .I put these in the
/etc/rc.d/init.d/iptables script , in  the start section of the script and
then what i do is :

service iptables save
/etc/rc.d/init.d/iptables restart

and I got all those errors message.

Maybe I am doing something wrong with putting these rules in the script.

Thanks  a lot for all your advise and your time to me.
david





----- Original Message -----
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.samba.org>
Sent: Friday, July 05, 2002 9:14 PM
Subject: Re: I need help , please


> On Friday 05 July 2002 1:56 pm, david wrote:
>
> > Tony:
> >
> > #echo $PATH
> >
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
> >: /root/bin
> >
> > how you can see iptables is in the PATH
>
> Okay, that's good.   I was concerned that you might have . in your path,
so
> that commands in the local directory were getting executed instead of the
> ones in /sbin./bin etc.
>
> By the way, did you ever try the list of rules I posted in
> http://lists.samba.org/pipermail/netfilter/2002-July/024548.html ?
>
>
>
> Antony.
>
> > ----- Original Message -----
> > From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> > To: <netfilter@lists.samba.org>
> > Sent: Friday, July 05, 2002 6:54 PM
> > Subject: Re: I need help , please
> >
> > > On Friday 05 July 2002 5:45 pm, Joe Patterson wrote:
> > > > next tell us the output of these commands:
> > > >
> > > > which iptables
> > > > file `which iptables`
> > >
> > > I think we should point out that the ` symbols above are the backtick
> > > character (probably at the top left of your keyboard), and not the
> >
> > apostrophe.
> >
> > > Also, please can you tell us what you get in response to
> > > echo $PATH
> > >
> > >
> > >
> > > Antony.

RE: I need help , please

[Ed Street]

[-- Attachment #1: Type: text/plain, Size: 1352 bytes --]

Hello,
 
First this script is not coded that well (not clean at all) second I
would recommend changing scripts.  If you are going to keep this script
I would urge you to do some serious house cleaning.  For the errors you
can put breakpoints thru the script to determine the problems (bet
there's several here)
 
This type of script is not something you should just pick up and run
blindly.
 
Ed
 
-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org] On Behalf Of david
Sent: Friday, July 05, 2002 4:01 AM
To: mimom@rcn.com; George Vieira; jesse.linux
Cc: netfilter@lists.samba.org
Subject: Fw: I need help , please
 
Hi:
 
George and Jesse:
 
Here i am sending you all that I have done:
KERNEL
Enable loadble modulo support   Y
Network packet Filtering  Y
IP netfilter configuration   Y
IP table support   Y
 
everything else as modules.
 
make bzImage
make modules
make modules_Install
reboot
uname -a
========================================================================
=======
 
chkconfig --level 0123456 ipchains off
/etc/rc.d/init.d/ipchains stop
chkconfig --level 2345 iptables on
/etc/rc.d/init.d/iptables start
========================================================================
=====
 
Here are my script (/etc/rc.d/init.d/iptables) and the errors.
 
david
 
Thanks to all of you

[-- Attachment #2: Type: text/html, Size: 11454 bytes --]

Re: I need help , please

[david]

Tony:

When I write these rules in the command line all is OK and  the rules works
fine.
But if I put the same rules in a script :

#!/bin/bash
# Standard default policies
iptables -P INPUT DROP


iptables -P FORWARD DROP
iptables -P OUTPUT DROP

I got these errors

iptables :Bad police name
iptables :Bad police name
iptables :Bad police name


Then what?

david

----- Original Message -----
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.samba.org>
Sent: Friday, July 05, 2002 10:11 PM
Subject: Re: I need help , please


> On Friday 05 July 2002 2:54 pm, david wrote:
>
> > Yes Antony ,but I do not know what to do with these rules
>
> Simple.   Put them in a script, on their own, and run it.   See if it does
> what you want.
>
> > .I put these in the
> > /etc/rc.d/init.d/iptables script , in  the start section of the script
and
> > then what i do is :
> >
> > service iptables save
> > /etc/rc.d/init.d/iptables restart
>
> I cannot comment on this because I don't do that on my system.   Why do
you
> do that on yours ?
>
> > and I got all those errors message.
> >
> > Maybe I am doing something wrong with putting these rules in the script.
>
> Is there something else in the script which could be causing the problems
?
>
>
>
> Antony.

Re: I need help , please

[Antony Stone]

On Friday 05 July 2002 10:25 am, david wrote:

> OK , I agree.In fact I  am just trying.
> I heve tested a simpler script :
>
> # Standard default policies
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> am here you have the output.
> /etc/rc.d/init.d/iptables : command not found
> iptables: bad police name
> iptables: bad police name
> iptables: bad police name
> /etc/rc.d/init.d/iptables : command not found

Do you have . in your path ???   It looks to me as though you're in 
/etc/rc.d/init.d when you type this, and it's trying to run the iptables 
script in the local directory instead of the iptables binary in /sbin

What happens if you cd to /root and type
iptables -P INPUT DROP

 

Antony.

Re: I need help , please

[Antony Stone]

On Friday 05 July 2002 11:18 am, david wrote:

> iptables:Bad built-in change name

What *exactly* did you type (punctuation as well) and what *exactly* is the 
response ?

The command I want you to try is

iptables -P INPUT DROP

That is:
"iptables" in lower case
a space
a hyphen or minus sign
a capital P
a space
"INPUT" in capitals
a space
"DROP" in capitals
<enter>.

If you really do get an error in response to this, your system is very sick.

 

Antony.

>  ----- Original Message -----
> From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> To: <netfilter@lists.samba.org>
> Sent: Friday, July 05, 2002 6:00 PM
> Subject: Re: I need help , please
>
> > On Friday 05 July 2002 10:25 am, david wrote:
> > > OK , I agree.In fact I  am just trying.
> > > I heve tested a simpler script :
> > >
> > > # Standard default policies
> > > iptables -P INPUT DROP
> > > iptables -P FORWARD DROP
> > > iptables -P OUTPUT DROP
> > >
> > > am here you have the output.
> > > /etc/rc.d/init.d/iptables : command not found
> > > iptables: bad police name
> > > iptables: bad police name
> > > iptables: bad police name
> > > /etc/rc.d/init.d/iptables : command not found
> >
> > Do you have . in your path ???   It looks to me as though you're in
> > /etc/rc.d/init.d when you type this, and it's trying to run the iptables
> > script in the local directory instead of the iptables binary in /sbin
> >
> > What happens if you cd to /root and type
> > iptables -P INPUT DROP
> >
> >
> >
> > Antony.

RE: I need help , please

[Joe Patterson]

next tell us the output of these commands:

which iptables
file `which iptables`

and did you mean to mis-spell INPUT as INPUD?

-Joe


> -----Original Message-----
> From: netfilter-admin@lists.samba.org
> [mailto:netfilter-admin@lists.samba.org]On Behalf Of david
> Sent: Friday, July 05, 2002 6:37 AM
> To: Antony Stone
> Cc: netfilter@lists.samba.org
> Subject: Re: I need help , please
> 
> 
> Antony;
> 
> #iptables -P INPUD DROP
> iptables:Bad built in chain name
> 
> if I turn to:
> #iptables -P inpud DROP
> iptables:Bad built in chain name
> 
> if I try:
> #iptables -p inpud DROP
> iptables v1.2.3: unknown protocol `inpud` specified
> 
> thanks again tony
> 
> david
> 
> ----- Original Message -----
> From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> To: <netfilter@lists.samba.org>
> Sent: Friday, July 05, 2002 6:35 PM
> Subject: Re: I need help , please
> 
> 
> > On Friday 05 July 2002 11:18 am, david wrote:
> >
> > > iptables:Bad built-in change name
> >
> > What *exactly* did you type (punctuation as well) and what *exactly* is
> the
> > response ?
> >
> > The command I want you to try is
> >
> > iptables -P INPUT DROP
> >
> > That is:
> > "iptables" in lower case
> > a space
> > a hyphen or minus sign
> > a capital P
> > a space
> > "INPUT" in capitals
> > a space
> > "DROP" in capitals
> > <enter>.
> >
> > If you really do get an error in response to this, your system is very
> sick.
> >
> >
> >
> > Antony.
> >
> > >  ----- Original Message -----
> > > From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> > > To: <netfilter@lists.samba.org>
> > > Sent: Friday, July 05, 2002 6:00 PM
> > > Subject: Re: I need help , please
> > >
> > > > On Friday 05 July 2002 10:25 am, david wrote:
> > > > > OK , I agree.In fact I  am just trying.
> > > > > I heve tested a simpler script :
> > > > >
> > > > > # Standard default policies
> > > > > iptables -P INPUT DROP
> > > > > iptables -P FORWARD DROP
> > > > > iptables -P OUTPUT DROP
> > > > >
> > > > > am here you have the output.
> > > > > /etc/rc.d/init.d/iptables : command not found
> > > > > iptables: bad police name
> > > > > iptables: bad police name
> > > > > iptables: bad police name
> > > > > /etc/rc.d/init.d/iptables : command not found
> > > >
> > > > Do you have . in your path ???   It looks to me as though you're in
> > > > /etc/rc.d/init.d when you type this, and it's trying to run the
> iptables
> > > > script in the local directory instead of the iptables 
> binary in /sbin
> > > >
> > > > What happens if you cd to /root and type
> > > > iptables -P INPUT DROP
> > > >
> > > >
> > > >
> > > > Antony.
> 
> 
> 
> 

Re: I need help , please

[Antony Stone]

On Friday 05 July 2002 11:37 am, david wrote:

> Antony;
>
> #iptables -P INPUD DROP
> iptables:Bad built in chain name

Okay, now type it with a 'T' next time.

 

Antony.

> ----- Original Message -----
> From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> To: <netfilter@lists.samba.org>
> Sent: Friday, July 05, 2002 6:35 PM
> Subject: Re: I need help , please
>
> > On Friday 05 July 2002 11:18 am, david wrote:
> > > iptables:Bad built-in change name
> >
> > What *exactly* did you type (punctuation as well) and what *exactly* is
> > the response ?
> >
> > The command I want you to try is
> >
> > iptables -P INPUT DROP
> >
> > That is:
> > "iptables" in lower case
> > a space
> > a hyphen or minus sign
> > a capital P
> > a space
> > "INPUT" in capitals
> > a space
> > "DROP" in capitals
> > <enter>.
> >
> > If you really do get an error in response to this, your system is very
> > sick.
>
> > Antony.

Re: I need help , please

[Antony Stone]

On Friday 05 July 2002 5:45 pm, Joe Patterson wrote:

> next tell us the output of these commands:
>
> which iptables
> file `which iptables`

I think we should point out that the ` symbols above are the backtick 
character (probably at the top left of your keyboard), and not the apostrophe.

Also, please can you tell us what you get in response to
echo $PATH

 

Antony.

RE: I need help , please

[Ed Street]

Try INPUT
;)

Ed

-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org] On Behalf Of david
Sent: Friday, July 05, 2002 6:37 AM
To: Antony Stone
Cc: netfilter@lists.samba.org
Subject: Re: I need help , please

Antony;

#iptables -P INPUD DROP
iptables:Bad built in chain name

if I turn to:
#iptables -P inpud DROP
iptables:Bad built in chain name

if I try:
#iptables -p inpud DROP
iptables v1.2.3: unknown protocol `inpud` specified

thanks again tony

david

----- Original Message -----
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.samba.org>
Sent: Friday, July 05, 2002 6:35 PM
Subject: Re: I need help , please


> On Friday 05 July 2002 11:18 am, david wrote:
>
> > iptables:Bad built-in change name
>
> What *exactly* did you type (punctuation as well) and what *exactly*
is
the
> response ?
>
> The command I want you to try is
>
> iptables -P INPUT DROP
>
> That is:
> "iptables" in lower case
> a space
> a hyphen or minus sign
> a capital P
> a space
> "INPUT" in capitals
> a space
> "DROP" in capitals
> <enter>.
>
> If you really do get an error in response to this, your system is very
sick.
>
>
>
> Antony.
>
> >  ----- Original Message -----
> > From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> > To: <netfilter@lists.samba.org>
> > Sent: Friday, July 05, 2002 6:00 PM
> > Subject: Re: I need help , please
> >
> > > On Friday 05 July 2002 10:25 am, david wrote:
> > > > OK , I agree.In fact I  am just trying.
> > > > I heve tested a simpler script :
> > > >
> > > > # Standard default policies
> > > > iptables -P INPUT DROP
> > > > iptables -P FORWARD DROP
> > > > iptables -P OUTPUT DROP
> > > >
> > > > am here you have the output.
> > > > /etc/rc.d/init.d/iptables : command not found
> > > > iptables: bad police name
> > > > iptables: bad police name
> > > > iptables: bad police name
> > > > /etc/rc.d/init.d/iptables : command not found
> > >
> > > Do you have . in your path ???   It looks to me as though you're
in
> > > /etc/rc.d/init.d when you type this, and it's trying to run the
iptables
> > > script in the local directory instead of the iptables binary in
/sbin
> > >
> > > What happens if you cd to /root and type
> > > iptables -P INPUT DROP
> > >
> > >
> > >
> > > Antony.

Re: I need help , please

[Adam D. Barratt]

Antony Stone wrote:

> On Friday 05 July 2002 11:18 am, david wrote:
>
> > iptables:Bad built-in change name
>
> What *exactly* did you type (punctuation as well) and what *exactly*
is the
> response ?
[..]
> If you really do get an error in response to this, your system is
very sick.

I'm assuming David's translating / mistyping the error messages, or
it's very sick indeed. ;-)

Adam

Re: I need help , please

[Antony Stone]

On Friday 05 July 2002 1:50 pm, david wrote:

> which iptables
> /sbin/iptables

Okay, and what is the answer to
file `which iptables`

What is the response to
iptables -P INPUT DROP

What is the result of
echo $PATH

> Let me say you something.I have a smp kernel(simetric multi procesor
> kernel) , maybe that is the reason

No, iptables works fine on SMP machines.

 

Antony.

> ----- Original Message -----
> From: "Joe Patterson" <jpatterson@asgardgroup.com>
> To: "david" <david@aid.inf.cu>; "Antony Stone"
> <Antony@Soft-Solutions.co.uk> Cc: <netfilter@lists.samba.org>
> Sent: Friday, July 05, 2002 6:45 PM
> Subject: RE: I need help , please
>
> > next tell us the output of these commands:
> >
> > which iptables
> > file `which iptables`
> >
> > and did you mean to mis-spell INPUT as INPUD?
> >
> > -Joe

Re: I need help , please

[Antony Stone]

On Friday 05 July 2002 1:56 pm, david wrote:

> Tony:
>
> #echo $PATH
> /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
>: /root/bin
>
> how you can see iptables is in the PATH

Okay, that's good.   I was concerned that you might have . in your path, so 
that commands in the local directory were getting executed instead of the 
ones in /sbin./bin etc.

By the way, did you ever try the list of rules I posted in 
http://lists.samba.org/pipermail/netfilter/2002-July/024548.html ?

 

Antony.

> ----- Original Message -----
> From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
> To: <netfilter@lists.samba.org>
> Sent: Friday, July 05, 2002 6:54 PM
> Subject: Re: I need help , please
>
> > On Friday 05 July 2002 5:45 pm, Joe Patterson wrote:
> > > next tell us the output of these commands:
> > >
> > > which iptables
> > > file `which iptables`
> >
> > I think we should point out that the ` symbols above are the backtick
> > character (probably at the top left of your keyboard), and not the
>
> apostrophe.
>
> > Also, please can you tell us what you get in response to
> > echo $PATH
> >
> >
> >
> > Antony.

Re: I need help , please

[Antony Stone]

On Friday 05 July 2002 2:54 pm, david wrote:

> Yes Antony ,but I do not know what to do with these rules

Simple.   Put them in a script, on their own, and run it.   See if it does 
what you want.

> .I put these in the
> /etc/rc.d/init.d/iptables script , in  the start section of the script and
> then what i do is :
>
> service iptables save
> /etc/rc.d/init.d/iptables restart

I cannot comment on this because I don't do that on my system.   Why do you 
do that on yours ?

> and I got all those errors message.
>
> Maybe I am doing something wrong with putting these rules in the script.

Is there something else in the script which could be causing the problems ?

 

Antony.

Re: I need help , please

[Wayne Topa]

david(david@aid.inf.cu) is reported to have said:
> Antony;
> 
> #iptables -P INPUD DROP
               INPUD???  INPUT
> iptables:Bad built in chain name
> 
> if I turn to:
> #iptables -P inpud DROP
> iptables:Bad built in chain name


-- 
Everyone can be taught to sculpt: Michelangelo would have had to be
taught how __not to.  So it is with the great programmers.
_______________________________________________________

Re: I need help , please

[Antony Stone]

On Friday 05 July 2002 3:44 pm, david wrote:

> Tony:
>
> When I write these rules in the command line all is OK and  the rules works
> fine.

Good.   This is progress.

> But if I put the same rules in a script :
>
> #!/bin/bash
> # Standard default policies
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> I got these errors
>
> iptables :Bad police name
> iptables :Bad police name
> iptables :Bad police name
>
> Then what?

What is the output of this command ?

find  /  -name  iptables

 

Antony.

Re: I need help , please

[Antony Stone]

On Friday 05 July 2002 3:44 pm, david wrote:

> When I write these rules in the command line all is OK and  the rules works
> fine.
> But if I put the same rules in a script :
>
> #!/bin/bash
> # Standard default policies
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> I got these errors
>
> iptables :Bad police name
> iptables :Bad police name
> iptables :Bad police name

What name did you call the script ?

Where did you put the script ?

How did you run the script ?

Does the same thing happen if you change all occurences of 'iptables' inside 
the script for '/sbin/iptables' instead ?

 

Antony.

Re: I need help , please

[Wayne Topa]

david(david@aid.inf.cu) is reported to have said:
> Tony:
> 
> When I write these rules in the command line all is OK and  the rules works
> fine.
> But if I put the same rules in a script :
> 
> #!/bin/bash
Add
IPTABLES=/sbin/iptables  #(Or where your iptables binary is)
> # Standard default policies

Change iptables to $IPTABLES

$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P INPUT DROP

> iptables -P INPUT DROP
> 
> 
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
> 
-- 
I haven't lost my mind; it's backed up on tape somewhere.
_______________________________________________________