[WBEL-users] Iptables Not Working
Ed Morrison
emorrison@ncen.org
Thu, 15 Jul 2004 11:48:50 -0700
Hi Everyone,
I'm having a problem with my iptables not working. Below is my iptables
file. If someone could show me what it is I am doing wrong I would
surely appreciate it. This is running on WBEL 3.0 and it is my mail
server. I have spammers sending directly to it and need to drop those
packets....
Thank you,
Ed
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 24.20.253.108 -j DROP
-A INPUT -s 69.145.105.154 -j DROP
-A INPUT -s 4.11.196.79 -j DROP
-A INPUT -s 80.202.20.7 -j DROP
-A INPUT -s 137.164.158.14 -j DROP
-A INPUT -s 201.129.85.142 -j DROP
-A INPUT -s 24.19.7.146 -j DROP
-A INPUT -s 66.44.140.103 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 106 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p udp --dport 995 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
If I run: service iptables start I receive this error:
# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore: line 23 failed
[FAILED]
It doesn't like the COMMIT line.
If I remove the COMMIT, I see this when I start iptables:
# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
And yet when I run: iptables -L -v to verify that the tables loaded,
none of the rules show up:
Chain INPUT (policy ACCEPT 1753 packets, 296K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1820 packets, 293K bytes)
pkts bytes target prot opt in out source destination
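
Added example, not part of the original post: a small Python check over a ruleset in iptables-save format that flags two conditions relevant to the symptoms described above: a protocol match module (-m tcp or -m udp) combined with a different -p protocol, and a table that never reaches COMMIT. The function name lint_ruleset and the sample ruleset (with a documentation-range address) are constructed for illustration.

```python
import shlex

# Match modules that are only valid when -p names the same protocol.
PROTO_MODULES = {"tcp", "udp"}

def lint_ruleset(text):
    """Return [(line_number, message)] for an iptables-save style ruleset."""
    findings = []
    table, table_line = None, 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # table header, e.g. *filter
            table, table_line = line[1:], lineno
        elif line == "COMMIT":              # table is applied only here
            table = None
        elif line.startswith("-A"):
            tokens = shlex.split(line)
            proto, modules = None, []
            for i, tok in enumerate(tokens[:-1]):
                if tok in ("-p", "--protocol"):
                    proto = tokens[i + 1].lower()
                elif tok in ("-m", "--match"):
                    modules.append(tokens[i + 1].lower())
            for mod in modules:
                if mod in PROTO_MODULES and mod != proto:
                    findings.append((lineno,
                        f"-m {mod} requires -p {mod}, rule has -p {proto or 'unset'}"))
    if table is not None:
        findings.append((table_line,
            f"table {table} has no COMMIT, so iptables-restore applies nothing"))
    return findings

# Constructed sample, not the poster's file: one mismatched rule, no COMMIT.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10 -j DROP
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p udp --dport 995 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

if __name__ == "__main__":
    for lineno, message in lint_ruleset(SAMPLE):
        print(f"line {lineno}: {message}")
```

iptables-restore hands a table to the kernel only at COMMIT, so a rule the kernel rejects is reported with the COMMIT line's number rather than its own.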