[WBEL-users] Iptables Not Working

Ed ekg@tricity.wsu.edu
Thu, 15 Jul 2004 14:10:17 -0700


Ed Morrison wrote:
> Hi Everyone,
> 
> I'm having a problem with my iptables not working.  Below is my iptables
> file.  If someone could show me what it is I am doing wrong I would
> surely appreciate it.  This is running on WBEL 3.0 and it is my mail
> server.  I have spammers sending directly to it and need to drop those
> packets....
> 
> 
> Thank you,
> 
> Ed

I usually find it easier to put my iptables commands in a script and run
the script to set up the firewall.  It usually gives more informative 
error messages that way. :-)  The only other suggestion is to try DROP 
instead of REJECT in line 22.

   Ed

> 
> 
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -i lo  -j ACCEPT
> -A INPUT -s 24.20.253.108 -j DROP
> -A INPUT -s 69.145.105.154 -j DROP
> -A INPUT -s 4.11.196.79 -j DROP
> -A INPUT -s 80.202.20.7 -j DROP
> -A INPUT -s 137.164.158.14 -j DROP
> -A INPUT -s 201.129.85.142 -j DROP
> -A INPUT -s 24.19.7.146 -j DROP
> -A INPUT -s 66.44.140.103 -j DROP
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 106 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p udp --dport 995 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
> 
> If I run: service iptables start I receive this error:
> 
> # service iptables start
> Flushing firewall rules: [  OK  ]
> Setting chains to policy ACCEPT: filter [  OK  ]
> Unloading iptables modules: [  OK  ]
> Applying iptables firewall rules: iptables-restore: line 23 failed
> [FAILED]
> 
> It doesn't like the COMMIT line.  
> 
> If I remove the COMMIT, I see this when I start iptables:
>  
> # service iptables start
> Flushing firewall rules: [  OK  ]
> Setting chains to policy ACCEPT: filter [  OK  ]
> Unloading iptables modules: [  OK  ]
> Applying iptables firewall rules: [  OK  ]
> 
> 
> 
> And yet when I run: iptables -L -v   to verify that the tables loaded
> none of the rules show up:
> 
> Chain INPUT (policy ACCEPT 1753 packets, 296K bytes)
>  pkts bytes target     prot opt in     out     source     destination
> 
> 
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source     destination
> 
> 
> Chain OUTPUT (policy ACCEPT 1820 packets, 293K bytes)
>  pkts bytes target     prot opt in     out     source     destination
> 
> _______________________________________________
> Whitebox-users mailing list
> Whitebox-users@beau.org
> http://beau.org/mailman/listinfo/whitebox-users
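Added example, not from either message in this thread: a small Python linter for files in iptables-save format that reports the kind of problem iptables-restore only surfaces as "line N failed" at COMMIT (a per-protocol match such as -m tcp paired with a different -p, which the kernel rejects), and also warns when a table never reaches COMMIT, the case where restore reports OK but nothing is loaded. The SAMPLE ruleset is constructed for the example and is not the poster's file.

```python
import shlex

# Match modules iptables loads only when -p agrees with them ("-m tcp -p udp" fails).
PROTO_BOUND_MATCHES = {"tcp", "udp", "icmp"}

def lint_iptables_save(text):
    """Return [(line_no, message)] for an iptables-save format file, numbering
    lines from 1 the way iptables-restore's 'line N failed' message does."""
    problems, table, lineno = [], None, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                  # "*filter" opens a table
            table = line[1:]
        elif line.startswith(":"):                # ":INPUT ACCEPT [0:0]" declares a chain
            continue
        elif line == "COMMIT":                    # rules are only applied here
            table = None
        elif table is None:
            problems.append((lineno, "rule outside a *table ... COMMIT block"))
        else:
            problems.extend((lineno, msg) for msg in _check_rule(line))
    if table is not None:
        problems.append((lineno, f"*{table} never reaches COMMIT; nothing is loaded"))
    return problems

def _check_rule(line):
    # Collect -p and every -m from one rule line; flag match/protocol mismatches.
    args = shlex.split(line)
    proto, matches = None, []
    for flag, value in zip(args, args[1:]):
        if flag in ("-p", "--protocol"):
            proto = value
        elif flag in ("-m", "--match"):
            matches.append(value)
    for m in matches:
        if m in PROTO_BOUND_MATCHES and proto != m:
            yield f"-m {m} requires -p {m}, but the rule has -p {proto}"

# Constructed sample modelled on the thread's ruleset, not the real file.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p udp --dport 995 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
```

Running lint_iptables_save over /etc/sysconfig/iptables before `service iptables start` points at the offending rule by its own line number, rather than at the COMMIT line where restore gives up.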