[RESOLVED] iptables

thorpe · Feb 8, 2006

ok... never dealt with iptables before. nothing fancy here, a few simple rules. im getting an error. iptables-restore: line 32 failed when i run...

iptables-restore /etc/iptables.conf

line 32 is the COMMIT, and here is my /etc/iptables.conf file.

# the filter table.
*filter
# default rules.
# used when no rules are found (to match) in the chain.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# allow loopback (local).
-A INPUT -i lo -j ACCEPT
# allow oblivion connections on port 22 (ssh)
-A INPUT -s 10.1.1.2 -m tcp --dport 22 -j ACCEPT
# drop (all) invalid connections.
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state  INVALID -j DROP
# allow all established and related connections.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

COMMIT

Im following this and this as examples, though I only have 1 pc exposed to the internet.

Im in a gentoo machine if that makes any diiference.

can anyone help? Im hoping its just a syntax error im too blind to see.

jazz_snob · Feb 9, 2006

I am new to iptables as well, but my manpage for iptables-restore says "Use I/O redirection provided by your shell to read from a file" so probably

iptables-restore < /etc/iptables.conf

I found this helpful: http://myy.helia.fi/~karte/linux/doc/firewall-iptables.html

thorpe · Feb 9, 2006

Use I/O redirection

hmm... A bit strange. It appears to accept the file as an argument aswell as that wasn't the problem.

I ended up having to recompile the kernel with all the netfilter configuration loaded as a module. I'd had It built in.

Not sure why, but its all working now.

Thanks for the link.

thorpe · Feb 9, 2006

Man... If your looking for a pretty in depth tutorial / explination of iptables, this seems pretty darn good.

[RESOLVED] iptables

Tthorpe

Jjazz_snob

iptables-restore < /etc/iptables.conf

Tthorpe

Tthorpe