Linux Netfilter discussions
* error with iptables-restore
@ 2008-10-22 13:50 Joey
  2008-10-22 14:05 ` Eljas Alakulppi
  2008-10-22 16:15 ` Gilad Benjamini
  0 siblings, 2 replies; 3+ messages in thread
From: Joey @ 2008-10-22 13:50 UTC (permalink / raw)
  To: IPTables

Hello Everyone,

I have been working on getting my ip list to be written to a save file, and
it looks good, but I get this error when restoring:

iptables-restore v1.3.5: error creating chain 'CIDR-TURKEY':File exists
Error occurred at line: 9945

Now there are 20 other chains that are generated prior to this one in exactly
the same way, and there are several chains that load PRIOR to this one, so I
know I don't have a syntax issue.

Line 9945 has this:

:CIDR-TURKEY - [0:0]

Which looks exactly the same as every other chain creation line.

I have linked the entire generated text file ( restore formatted file ) here
<http://web56.net/TEST-IP-TABLES>

Sorry to be such a newb..

Thanks!

Joey




* Re: error with iptables-restore
  2008-10-22 13:50 error with iptables-restore Joey
@ 2008-10-22 14:05 ` Eljas Alakulppi
  2008-10-22 16:15 ` Gilad Benjamini
  1 sibling, 0 replies; 3+ messages in thread
From: Eljas Alakulppi @ 2008-10-22 14:05 UTC (permalink / raw)
  To: Joey, IPTables

Hey.

Your CIDR-TURKEY chain is duplicated.
buzer@nanoha:/nanoha-md1/wsc/network$ cat -n TEST-IP-TABLES | grep "CIDR-TURKEY - "
   9027  :CIDR-TURKEY - [0:0]
   9945  :CIDR-TURKEY - [0:0]

And I would recommend having a look at the ipset package, your current
iptables config is very ineffective (it goes thru *all* rules on *all*
incoming traffic except if it matches at some point. And if it does, it
will still be going thru everything until that point). You should *at
least* use something like:
:SMTPTRAFFIC - [0:0]
:LOGASIA - [0:0]
-A INPUT -p tcp --dport 25 -m state --state NEW -j SMTPTRAFFIC
-A SMTPTRAFFIC -j CIDR-ASIAN
-A CIDR-ASIAN -s 58.14.0.0/15 -j LOGASIA
-A LOGASIA -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN"
-A LOGASIA -j DROP

And regarding your other email, yes.

-Eljas Alakulppi

On Wed, 22 Oct 2008 16:50:37 +0300, Joey <Joey@web56.net> wrote:

> Hello Everyone,
>
>
> I have been working on getting my ip list to be written to a save file,  
> and
> it looks good, but I get this error when restoring:
>
>
> iptables-restore v1.3.5: error creating chain 'CIDR-TURKEY':File exists
>
> Error occurred at line: 9945
>
>
> No there are 20 other chains that are generated prior to this one in  
> exactly
> the same way, and there are several chains that load PRIOR to this one,  
> so I
> know I don't have a syntax issue.
>
>
> Line 9945 has this:
>
> :CIDR-TURKEY - [0:0]
>
>
> Which looks exactly the same as every other chain creation line.
>
>
> I have linked the entire generated text file ( restore formatted file )  
> here
> <http://web56.net/TEST-IP-TABLES>
>
>
>
> Sorry to be such a newb..
>
>
> Thanks!
>
> Joey
>
>

* RE: error with iptables-restore
  2008-10-22 13:50 error with iptables-restore Joey
  2008-10-22 14:05 ` Eljas Alakulppi
@ 2008-10-22 16:15 ` Gilad Benjamini
  1 sibling, 0 replies; 3+ messages in thread
From: Gilad Benjamini @ 2008-10-22 16:15 UTC (permalink / raw)
  To: 'IPTables'

"File Exists" usually means an identical entry (not necessarily a file)
already exists.
The same chain is already defined in line 9027.
> -----Original Message-----
> From: netfilter-owner@vger.kernel.org [mailto:netfilter-
> owner@vger.kernel.org] On Behalf Of Joey
> Sent: Wednesday, October 22, 2008 6:51 AM
> To: IPTables
> Subject: error with iptables-restore
> 
> Hello Everyone,
> 
> 
> 
> I have been working on getting my ip list to be written to a save file,
> and
> it looks good, but I get this error when restoring:
> 
> 
> 
> iptables-restore v1.3.5: error creating chain 'CIDR-TURKEY':File exists
> 
> Error occurred at line: 9945
> 
> 
> 
> No there are 20 other chains that are generated prior to this one in
> exactly
> the same way, and there are several chains that load PRIOR to this one,
> so I
> know I don't have a syntax issue.
> 
> 
> 
> Line 9945 has this:
> 
> :CIDR-TURKEY - [0:0]
> 
> 
> 
> Which looks exactly the same as every other chain creation line.
> 
> 
> 
> I have linked the entire generated text file ( restore formatted file )
> here
> <http://web56.net/TEST-IP-TABLES>
> 
> 
> 
> 
> 
> Sorry to be such a newb..
> 
> 
> 
> Thanks!
> 
> Joey
> 
> 
^ permalink raw reply	[flat|nested] 3+ messages in thread
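
Added example, not part of the thread: a pre-flight check for the failure diagnosed above, reporting every chain declared twice within one table of a restore file before it is handed to iptables-restore. The names find_dup_chains and sample_ruleset are made up for this example, and the sample ruleset (documentation address ranges) is constructed.

```sh
#!/bin/sh
# Report chains declared more than once inside the same table of an
# iptables-save / iptables-restore formatted file.
# Output: one line per duplicate: <table> <chain> <first line> <duplicate line>
# Exit status: 0 = no duplicates, 1 = at least one duplicate.
# Reads the file named in $1, or standard input when no file is given.
find_dup_chains() {
    awk '
        /^\*/     { table = substr($1, 2); next }   # "*filter" opens a table
        /^COMMIT/ { table = ""; next }              # "COMMIT" closes it
        /^:/      {                                 # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            key = table SUBSEP chain                # same name in another table is fine
            if (key in first) {
                print table, chain, first[key], NR
                dup = 1
            } else {
                first[key] = NR
            }
        }
        END { exit (dup ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample: CIDR-TURKEY is declared on lines 4 and 7 of the filter
# table, while OUTPUT appears once in filter and once in nat (not a duplicate).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:CIDR-TURKEY - [0:0]
-A INPUT -p tcp --dport 25 -m state --state NEW -j CIDR-TURKEY
-A CIDR-TURKEY -s 192.0.2.0/24 -j DROP
:CIDR-TURKEY - [0:0]
-A CIDR-TURKEY -s 198.51.100.0/24 -j DROP
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Demo run on the constructed sample.
sample_ruleset | find_dup_chains || echo "duplicate chain declarations found"
```

In a generator script, run the check on the generated file and skip the restore when it exits non-zero, so a half-loaded ruleset never replaces the working one.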
