not run script firewall (lenny 5.0.4)


# 1  
Old 03-31-2010
not run script firewall (lenny 5.0.4)

The startup script displays a message:

Code:
# /etc/init.d/firewall start
Starting firewall: iptables
iptables v1.4.2: Can't use -i with OUTPUT

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.2: Can't use -i with OUTPUT

I do not understand what is wrong in the script.
Can anyone tell me?

Code:
#!/bin/sh
#chkconfig: - 98 02
IPTAB="/sbin/iptables"
INET_IFACE="ppp0"
UNPRIPORTS="1024:65535"
start_fw()
{
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTAB -F
$IPTAB -X
$IPTAB -P INPUT DROP
$IPTAB -P OUTPUT DROP
$IPTAB -P FORWARD ACCEPT
$IPTAB -A INPUT -i lo -j ACCEPT
$IPTAB -A OUTPUT -o lo -j ACCEPT
$IPTAB -A INPUT -m state ! -i lo --state NEW -j DROP
$IPTAB -A INPUT -s 127.0.0.1/255.0.0.0 ! -i lo -j DROP
$IPTAB -A INPUT -m state --state INVALID -j DROP
$IPTAB -A FORWARD -m state --state INVALID -j DROP
$IPTAB -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTAB -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
$IPTAB -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
$IPTAB -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
$IPTAB -A INPUT -p UDP -s 0/0 --destination-port 138 -j DROP
$IPTAB -A INPUT -p UDP -s 0/0 --destination-port 113 -j REJECT
$IPTAB -A INPUT -p UDP -s 0/0 --source-port 67 --destination-port 68 -j ACCEPT
$IPTAB -A INPUT -p UDP -j RETURN
$IPTAB -A OUTPUT -p UDP -s 0/0 -j ACCEPT
$IPTAB -A INPUT --fragment -p ICMP -j DROP
$IPTAB -A OUTPUT --fragment -p ICMP -j DROP
$IPTAB -A INPUT -p icmp -m icmp -i $INET_IFACE --icmp-type source-quench -j ACCEPT
$IPTAB -A OUTPUT -p icmp -m icmp -o $INET_IFACE --icmp-type source-quench -j ACCEPT
$IPTAB -A INPUT -p icmp -m icmp -i $INET_IFACE --icmp-type echo-reply -j ACCEPT
$IPTAB -A OUTPUT -p icmp -m icmp -o $INET_IFACE --icmp-type echo-request -j ACCEPT
$IPTAB -A INPUT -p icmp -m icmp -i $INET_IFACE --icmp-type parameter-problem -j ACCEPT
$IPTAB -A OUTPUT -p icmp -m icmp -o $INET_IFACE --icmp-type parameter-problem -j ACCEPT
$IPTAB -A OUTPUT -p udp -m udp -o $INET_IFACE --dport 53 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 53 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p udp -m udp -i $INET_IFACE --dport $UNPRIPORTS --sport 53 -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport 1024:65535 --sport 53 -j ACCEPT
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 113 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 113 -j ACCEPT ! --syn
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport 113 -j DROP
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 25 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 25 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 110 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 110 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 143 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 143 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 22 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 22 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 22 --sport 1020:1023 -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport 1020:1023 --sport 22 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 21 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 21 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -m multiport -o $INET_IFACE --sport $UNPRIPORTS -j ACCEPT --dports 80,443
$IPTAB -A INPUT -p tcp -m tcp -m multiport -i $INET_IFACE --dport $UNPRIPORTS -j ACCEPT --sports 80,443 ! --syn
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 20 -j ACCEPT
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 20 --sport $UNPRIPORTS -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport $UNPRIPORTS --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport $UNPRIPORTS -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 23 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 23 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 79 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 79 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 43 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 43 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 70 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 70 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p tcp -m tcp -o $INET_IFACE --dport 210 --sport $UNPRIPORTS -j ACCEPT
$IPTAB -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 210 -j ACCEPT ! --syn
$IPTAB -A OUTPUT -p udp -m udp -o $INET_IFACE --dport 33434:33523 --sport 32769:65535 -j ACCEPT
$IPTAB -A OUTPUT -i eth2 -p tcp -j ULOG --ulog-prefix "out-tcp-eth2: " 
$IPTAB -A INPUT -i eth2 -p tcp -j ULOG --ulog-prefix "inp-tcp-eth2: "
$IPTAB -A OUTPUT -i ppp0 -p tcp -j ULOG --ulog-prefix "out-tcp-ppp0: "
$IPTAB -A INPUT -i ppp0 -p tcp -j ULOG --ulog-prefix "inp-tcp-ppp0: "
}
case "$1" in
start)  echo -n "Starting firewall: iptables"
        start_fw
        echo "."
        ;;
stop)   echo -n "Stopping firewall: iptables"
        iptables -F
        iptables -X
        echo "."
        ;;
save)   echo -n "Saving firewall: iptables"
        iptables-save > /etc/rules-save
        echo "."
        ;;
restart) echo -n "Restarting firewall: iptables"
        iptables -F
        iptables -X
        iptables-restore < /etc/rules-save
        echo "."
        ;;
reload|force-reload) echo -n "Reloading configuration files for firewall: iptables"
        echo "."
        ;;
*)      echo "Usage: /etc/init.d/rc.iptables start|stop|restart|reload|force-reload"
        exit 1
        ;;
esac
exit 0


Last edited by moskovets; 03-31-2010 at 04:35 AM.
moskovets
# 2  
Old 03-31-2010
On lines 73 and 75 you're trying to add a filter based on the input device to the output filter chain, which cannot work.
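A pre-flight check for exactly this class of mistake, added here as an example and not part of the thread or of the poster's script: it scans iptables command lines (an init script can be piped in as-is) and flags `-i` on OUTPUT/POSTROUTING and `-o` on INPUT/PREROUTING before iptables gets to reject them at load time. The sample rules inside are constructed; `check_iface_chain` and `sample_rules` are names chosen for this example.

```shell
# Added example (not from the thread): lint iptables rule lines for the
# chain/interface mismatches that iptables itself rejects at load time
# ("Can't use -i with OUTPUT", "Can't use -o with INPUT"), so a boot-time
# firewall script fails fast instead of loading only half its rules.

check_iface_chain() {
    # Reads iptables command lines on stdin, one rule per line. Prints one
    # diagnostic per bad line; exit status 0 when clean, 1 when a mismatch
    # was found. Only the built-in chains are judged; user chains are skipped.
    awk '
        BEGIN { rc = 0 }
        {
            chain = ""; in_if = 0; out_if = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-A" || $i == "-I" || $i == "-D") chain = $(i + 1)
                if ($i == "-i" || $i == "--in-interface")  in_if = 1
                if ($i == "-o" || $i == "--out-interface") out_if = 1
            }
            msg = ""
            # -i matches the arriving interface, which locally generated
            # packets never have; -o matches the leaving interface, which
            # is not yet decided when INPUT/PREROUTING are evaluated.
            if (in_if && (chain == "OUTPUT" || chain == "POSTROUTING"))
                msg = "-i is not valid in " chain " (use -o)"
            if (out_if && (chain == "INPUT" || chain == "PREROUTING"))
                msg = "-o is not valid in " chain " (use -i)"
            if (msg != "") { printf "line %d: %s\n", NR, msg; rc = 1 }
        }
        END { exit rc }
    '
}

sample_rules() {
    # Constructed sample: one valid INPUT log rule, the two OUTPUT lines from
    # the thread that trigger the error, and the corrected -o form of one.
    cat <<'EOF'
iptables -A INPUT -i ppp0 -p tcp -j ULOG --ulog-prefix "inp-tcp-ppp0: "
iptables -A OUTPUT -i eth2 -p tcp -j ULOG --ulog-prefix "out-tcp-eth2: "
iptables -A OUTPUT -i ppp0 -p tcp -j ULOG --ulog-prefix "out-tcp-ppp0: "
iptables -A OUTPUT -o ppp0 -p tcp -j ULOG --ulog-prefix "out-tcp-ppp0: "
EOF
}

count_bad_rules() {
    # Number of offending lines in the sample (expected: 2)
    sample_rules | check_iface_chain | wc -l | tr -d ' '
}
```

Fed the posted script on its stdin (`check_iface_chain < /etc/init.d/firewall`) it reports lines 73 and 75, the same two the reply points to, because it numbers lines the same way the forum's code view does.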
# 3  
Old 03-31-2010
Thanks for your help!
moskovets