On Sunday, 23 July 2006 13:17, Carlos E. R. wrote:
I've trimmed your error messages:
iptables v1.3.5: host/network `##' not found
iptables v1.3.5: host/network `Type:' not found
iptables v1.3.5: host/network `string' not found
iptables v1.3.5: host/network `##' not found
iptables v1.3.5: host/network `Default:' not found
I worry about the "not found" errors. How do I find out what is the exact problem?
Have a look at your /etc/sysconfig/SuSEfirewall2, e.g.:
## Path: Network/Firewall/SuSEfirewall2
## Description: SuSEfirewall2 configuration
## Type: string
## Default: any
Obviously, parts of a comment get passed to iptables-batch/iptables.
A bug of mine or of SuSE? It does not report the problematic file or line.
SuSEfirewall2 does not recognize that error and thus silently passes wrong parameters. Then, iptables-batch/iptables complains about them.
The configuration is the same I had with 9.3, and it worked with no errors, AFAIK.
You should check your /etc/sysconfig/SuSEfirewall2. E.g., by using grep -v "#" /etc/sysconfig/SuSEfirewall2 to ensure that all options are well-formed (KEY="VALUE"). If so, try to comment out all options and re-add them one by one until the problem is triggered.
I'm also getting some strange errors, maybe unrelated:
Jul 23 13:13:16 nimrodel kernel: SFW2-OUT-ERROR IN= OUT=eth0 SRC=192.168.1.12 DST=134.76.11.100 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=61663 DF PROTO=TCP SPT=24438 DPT=80 WINDOW=2184 RES=0x00 ACK FIN URGP=0 OPT (0101080A0002D56B70A5E356) (...).
Hmm, you already experienced such log entries some months ago. :)
http://lists.suse.com/archive/suse-security/2006-Apr/0056.html

Regards,
Jan
--
Ambition is a poor excuse for not having enough sense to be lazy.
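Added example, not part of the original message or of SuSEfirewall2: a small checker for the KEY="VALUE" test suggested above that prints the file and line number of every entry that is neither blank, a comment, nor a single-line double-quoted assignment. The function names and the sample file are constructed for illustration; it assumes values never span lines and that the file is read as shell, where an unclosed quote would pull the following comment lines into the value.

```shell
#!/bin/sh
# Added example; check_sysconfig and make_sample are hypothetical helper names.

# check_sysconfig FILE
# Prints "FILE:LINE: text" for each line that is not blank, not a comment,
# and not a single-line KEY="VALUE" assignment.
# Returns 0 if the file is clean, 1 if any such line was found.
check_sysconfig() {
    awk -v f="$1" '
        /^[ \t]*$/ { next }                                  # blank line
        /^[ \t]*#/ { next }                                  # comment line
        /^[A-Za-z_][A-Za-z0-9_]*="[^"]*"[ \t]*$/ { next }    # well-formed
        { printf "%s:%d: %s\n", f, NR, $0; bad = 1 }
        END { exit (bad + 0) }
    ' "$1"
}

# make_sample: writes a constructed sysconfig fragment to a temp file and
# prints its path. Line 3 lacks the closing quote (assumed failure mode).
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
## Type: string
## Default: any
FW_DEV_EXT="eth0
## Type: string
## Default:
FW_DEV_INT=""
EOF
    echo "$f"
}

# Demo run on the constructed sample; on a real system pass
# /etc/sysconfig/SuSEfirewall2 instead.
sample=$(make_sample)
check_sysconfig "$sample" || echo "malformed lines listed above" >&2
rm -f "$sample"
```
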