Popsuty firewall-init?

Piotr Szymanski djurban at it-zone.org
Mon Mar 22 15:53:33 CET 2004 

Hi,
[root at djurban]$ grep TABLES /etc/sysconfig/firewall
ipv4_TABLES="filter drop" 
ipv6_TABLES=
[root at djurban]$

Jak nie ma drop to mi nie ładuje tego co jest 
w /etc/sysconfig/firewall.d/ipv4/drop. 

[root at djurban]$ cat /etc/sysconfig/firewall.d/ipv4/drop
CHAINS="DROPPING"

ipv4_drop_DROPPING_rules()
{
        $iptables -A INPUT -s adv.gazeta.pl -p tcp -m tcp -j REJECT
        $iptables -A INPUT -s adv.wp.pl -p tcp -m tcp -j REJECT
        $iptables -A INPUT -s adnet.hit.gemius.pl -p tcp -m tcp -j REJECT
        $iptables -A INPUT -s ad.doubleclick.net -p tcp -m tcp -j REJECT
        $iptables -A INPUT -s ad.pl.doubleclick.net -p tcp -m tcp -j REJECT
        $iptables -A INPUT -s reklama.onet.pl -p tcp -m tcp -j REJECT
        return
}

# This must be last line !
# vi:syntax=sh:tw=78:ts=8:sw=4
[root at djurban]$

No i lecimy:

[root at djurban]$ /etc/rc.d/init.d/firewall start
Enabling IPv4 packet forwarding....................................[ DONE ]
Setting up IP spoofing protection..................................[ DONE ]
Load netfilter modules (IPv4)......................................[ DONE ]
Create some usefull chains (IPv4): LDROP WATCH SCAN DOS SAFEDROP SAFEACCEPT 
ICMP
Authorize packet input and output (IPv4)...........................
[ BUSY ]FATAL: Module ip_tables already in kernel.
iptables v1.2.9: can't initialize iptables table `drop': Table does not exist 
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
                                                                   [ DONE ]
Enabling IPv6 packet forwarding....................................[ DONE ]
Load netfilter modules (IPv6)......................................[ DONE ]
Create some usefull chains (IPv6): LDROP WATCH SCAN DOS SAFEDROP SAFEACCEPT 
ICMP6 ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.2.9: Unknown arg `--icmp-type'
Try `ip6tables -h' or 'ip6tables --help' for more information.

Authorize packet input and output (IPv6)...........................[ DONE ]
[root at djurban]$

-- 
Piotr Szymanski 
djurban at pld-linux.org
adamh - new and improved hiperbolic adam

More information about the pld-devel-pl mailing list