[WBEL-users] Iptables Not Working

Ed Morrison emorrison@ncen.org
Thu, 15 Jul 2004 11:48:50 -0700


Hi Everyone,

I'm having a problem with my iptables not working.  Below is my iptables
file.  If someone could show me what it is I am doing wrong I would
surely appreciate it.  This is running on WBEL 3.0 and it is my mail
server.  I have spammers sending directly to it and need to drop those
packets....


Thank you,

Ed


*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo  -j ACCEPT
-A INPUT -s 24.20.253.108 -j DROP
-A INPUT -s 69.145.105.154 -j DROP
-A INPUT -s 4.11.196.79 -j DROP
-A INPUT -s 80.202.20.7 -j DROP
-A INPUT -s 137.164.158.14 -j DROP
-A INPUT -s 201.129.85.142 -j DROP
-A INPUT -s 24.19.7.146 -j DROP
-A INPUT -s 66.44.140.103 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 106 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p udp --dport 995 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT


If I run: service iptables start I receive this error:

# service iptables start
Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: filter [  OK  ]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: iptables-restore: line 23 failed
[FAILED]

It doesn't like the COMMIT line.  

If I remove the COMMIT, I see this when I start iptables:
 
# service iptables start
Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: filter [  OK  ]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: [  OK  ]



And yet when I run: iptables -L -v   to verify that the tables loaded
none of the rules show up:

Chain INPUT (policy ACCEPT 1753 packets, 296K bytes)
 pkts bytes target     prot opt in     out     source     destination


Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source     destination


Chain OUTPUT (policy ACCEPT 1820 packets, 293K bytes)
 pkts bytes target     prot opt in     out     source     destination
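
Added example (not part of the original post): a Python pre-load check for a file in the iptables-save format above, flagging a `-m tcp`/`-m udp`/`-m icmp` match that disagrees with the rule's `-p` protocol and a table with no COMMIT. iptables-restore applies a table only at COMMIT, so a rule the kernel refuses is reported against that line and a file without COMMIT loads nothing. Assumptions: `lint_rules` and the sample are constructed here, and protocols are given by name.

```python
import shlex

# Constructed sample in iptables-save format; the port 995 UDP rule mirrors
# the "-m tcp -p udp" combination in the posted file.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p udp --dport 995 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Match modules that are only valid together with the protocol of the same name.
PROTO_MATCHES = {"tcp", "udp", "icmp"}


def lint_rules(text):
    """Return (line_number, message) findings for an iptables-save style file."""
    findings = []
    open_table = None  # (name, line) of a table still waiting for its COMMIT
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("*"):
            if open_table:
                findings.append((open_table[1], f"table {open_table[0]} has no COMMIT"))
            open_table = (line[1:], lineno)
        elif line == "COMMIT":
            open_table = None
        elif line.startswith("-"):  # a rule line such as "-A INPUT ..."
            tokens = shlex.split(line)
            proto, matches = None, []
            for flag, value in zip(tokens, tokens[1:]):
                if flag in ("-p", "--protocol"):
                    proto = value.lower()
                elif flag in ("-m", "--match"):
                    matches.append(value.lower())
            for m in matches:
                if m in PROTO_MATCHES and m != proto:
                    findings.append((lineno, f"-m {m} used with -p {proto or 'unset'}"))
    if open_table:
        findings.append((open_table[1], f"table {open_table[0]} has no COMMIT"))
    return findings


if __name__ == "__main__":
    for lineno, msg in lint_rules(SAMPLE):
        print(f"line {lineno}: {msg}")
```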