Hi List :-)

I have a problem with firewall2 for iptables. When I run the final Susefirewall2_final start script I get the following error messages:

    Starting Firewall Initialization: (phase 3 of 3)
    iptables v1.1.2: Unknown arg `--syn'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.1.2: Unknown arg `--sport'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.1.2: Unknown arg `--syn'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.1.2: Unknown arg `--sport'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.1.2: Unknown arg `--syn'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.1.2: Unknown arg `--sport'
    Try `iptables -h' or 'iptables --help' for more information.

The manpage says --sport is an alias for --source-port and --syn should be ok too. My firewall2.rc.config is attached to this mail ... it is still under construction but I have no idea what causes the above error messages :-(

Help would be appreciated,
Ciao, Alex.
Hi,
    Starting Firewall Initialization: (phase 3 of 3)
    iptables v1.1.2: Unknown arg `--syn'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.1.2: Unknown arg `--sport'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.1.2: Unknown arg `--syn'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.1.2: Unknown arg `--sport'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.1.2: Unknown arg `--syn'
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.1.2: Unknown arg `--sport'
    Try `iptables -h' or 'iptables --help' for more information.

Well, unfortunately I can't find SuSEfirewall2, but it seems that these extensions are used in rules where the protocol isn't defined. It's a prerequisite to tell iptables the protocol, otherwise these extensions won't work. The --syn option, for example, only makes sense if it's checked against a tcp packet, but not for udp packets.

Examples:

    iptables -A INPUT -i ppp0 -p tcp --sport 1024:65535 --dport 25 -j ACCEPT
    [THIS WOULD WORK]

    iptables -A INPUT -i ppp0 --sport 1024:65535 --dport 25 -j ACCEPT
    [THIS WOULD NOT WORK]

This is something that should be double-checked with the script itself, not with your config file.

Greetings,
Bodo

participants (2): Alexander Grujic, Bodo Meseke
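
The rule described in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of SuSEfirewall2: a shell function (hypothetical name lint_rules) that flags iptables commands using --syn or a port match without the -p that provides it. The sample rules are constructed, the first two being the ones from the reply, and it assumes only tcp and udp provide port matches.

```shell
#!/bin/sh
# Added example: lint iptables command lines for protocol-specific matches
# (--syn, --tcp-flags, --sport/--dport and their long forms) that are used
# without the -p/--protocol option that makes them available.

# lint_rules: read one iptables command per line on stdin, print
# "LINENO: reason" for each offending rule, return 1 if any was flagged.
lint_rules() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        proto = ""; needs_tcp = 0; needs_port = 0
        for (i = 1; i <= NF; i++) {
            if (($i == "-p" || $i == "--protocol") && i < NF)
                proto = tolower($(i + 1))
            else if ($i == "--syn" || $i == "--tcp-flags")
                needs_tcp = 1
            else if ($i ~ /^--(sport|dport|source-port|destination-port)$/)
                needs_port = 1
        }
        if (needs_tcp && proto != "tcp") {
            printf "%d: --syn/--tcp-flags used without -p tcp\n", NR; bad = 1
        } else if (needs_port && proto != "tcp" && proto != "udp") {
            printf "%d: port match used without -p tcp or -p udp\n", NR; bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# sample_rules: constructed input. Lines 1 and 2 are the two rules quoted
# in the reply; lines 3 and 4 are made up for this example.
sample_rules() {
    cat <<'EOF'
iptables -A INPUT -i ppp0 -p tcp --sport 1024:65535 --dport 25 -j ACCEPT
iptables -A INPUT -i ppp0 --sport 1024:65535 --dport 25 -j ACCEPT
iptables -A INPUT -i ppp0 -p udp --syn -j DROP
iptables -A INPUT -i ppp0 -p udp --dport 53 -j ACCEPT
EOF
}

# Stand-alone run: report the offending sample rules.
sample_rules | lint_rules || true
```

Feed it the commands as actually executed (for example the trace from `sh -x`), since a script that builds its rules from variables only shows a missing protocol after expansion.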