Problems with SuSEfirewall2 under 8.1
Hi everybody, I installed SuSE 8.1 yesterday and configurated the Firewall under /etc/sysconfig/SuSEfirewall2. But when I now try to run the Firewall following error occurs: nessaja:/etc/sysconfig # SuSEfirewall2 /sbin/SuSEfirewall2: line 696: test: 192.168.1.0/24: integer expression expected iptables v1.2.7a: host/network `ppp0' not found Try `iptables -h' or 'iptables --help' for more information. iptables v1.2.7a: Maximum prefix length 29 for --log-prefix Try `iptables -h' or 'iptables --help' for more information.. Thanks in advance. Daniel Schulz
On Sun, Oct 06, 2002 at 03:09:24PM +0200, Daniel Schulz wrote:
nessaja:/etc/sysconfig # SuSEfirewall2 /sbin/SuSEfirewall2: line 696: test: 192.168.1.0/24: integer expression expected iptables v1.2.7a: host/network `ppp0' not found Try `iptables -h' or 'iptables --help' for more information. iptables v1.2.7a: Maximum prefix length 29 for --log-prefix Try `iptables -h' or 'iptables --help' for more information..
I just want to say: Me too.
It looks like there are two problems and how I worked around them:
"integer expression expected":
--- /sbin/SuSEfirewall2.orig 2002-10-05 20:38:47.000000000 +0200
+++ /sbin/SuSEfirewall2 2002-10-06 00:07:28.000000000 +0200
@@ -689,10 +689,8 @@
# skip 0/0
test "$DEV_IP" = "0/0" && continue
- PART1=${DEV_IP#/*#}
- #`echo $DEV_IP | $AWK -F/ '{print $1}'`
- PART2=${DEV_IP#*/#}
- #`echo $DEV_IP | $AWK -F/ '{print $2}'`
+ PART1=`echo $DEV_IP | $AWK -F/ '{print $1}'`
+ PART2=`echo $DEV_IP | $AWK -F/ '{print $2}'`
test '!' -z "$PART2" && test "$PART2" -lt 16 && {
echo "$PART1" | $GREP -Eq '^10\.|^172\.1' || {
echo "Warning: Netmask of $DEV_IP might be wrong, ensure that it is correct."
"host/network xxx not found":
Looks like you have an unused interface in one of the interface lists
in /etc/sysconfig/SuSEfirewall. Remove it (unused meaning either no
ip address or 0.0.0.0 as ip address).
Ciao
Jörg
--
Joerg Mayer
Hi Jörg, thanks for your reply, but my ppp0 device is used and has an dynamic ip. It is also configured in SuSEFireall2. Daniel Schulz -----Ursprüngliche Nachricht----- Von: Joerg Mayer [mailto:jmayer@loplof.de] Gesendet: Sonntag, 6. Oktober 2002 15:54 An: Daniel Schulz Cc: suse-security@suse.com Betreff: Re: [suse-security] Problems with SuSEfirewall2 under 8.1 On Sun, Oct 06, 2002 at 03:09:24PM +0200, Daniel Schulz wrote:
nessaja:/etc/sysconfig # SuSEfirewall2 /sbin/SuSEfirewall2: line 696: test: 192.168.1.0/24: integer expression expected iptables v1.2.7a: host/network `ppp0' not found Try `iptables -h' or 'iptables --help' for more information. iptables v1.2.7a: Maximum prefix length 29 for --log-prefix Try `iptables -h' or 'iptables --help' for more information..
I just want to say: Me too.
It looks like there are two problems and how I worked around them:
"integer expression expected":
--- /sbin/SuSEfirewall2.orig 2002-10-05 20:38:47.000000000 +0200
+++ /sbin/SuSEfirewall2 2002-10-06 00:07:28.000000000 +0200
@@ -689,10 +689,8 @@
# skip 0/0
test "$DEV_IP" = "0/0" && continue
- PART1=${DEV_IP#/*#}
- #`echo $DEV_IP | $AWK -F/ '{print $1}'`
- PART2=${DEV_IP#*/#}
- #`echo $DEV_IP | $AWK -F/ '{print $2}'`
+ PART1=`echo $DEV_IP | $AWK -F/ '{print $1}'`
+ PART2=`echo $DEV_IP | $AWK -F/ '{print $2}'`
test '!' -z "$PART2" && test "$PART2" -lt 16 && {
echo "$PART1" | $GREP -Eq '^10\.|^172\.1' || {
echo "Warning: Netmask of $DEV_IP might be wrong, ensure
that it is correct."
"host/network xxx not found":
Looks like you have an unused interface in one of the interface lists
in /etc/sysconfig/SuSEfirewall. Remove it (unused meaning either no
ip address or 0.0.0.0 as ip address).
Ciao
Jörg
--
Joerg Mayer
On Sun, Oct 06, 2002 at 03:58:35PM +0200, Daniel Schulz wrote:
thanks for your reply, but my ppp0 device is used and has an dynamic ip. It is also configured in SuSEFireall2.
I haven't looked into it further, but another problem I am seeing is,
that things have become dead slow:
root# time rcSuSEfirewall2 start
Starting Firewall Initialization (phase 2 of 3) done
real 1m23.613s
user 0m1.430s
sys 0m1.240s
Oh well, time to move on to a firewall script that is doing everything
manually - which is what I wanted to do for the last 2 years anyway but
was just too lazy to do. Let's see whether there's a proper fix around
by the time I've finished compiling kde-head.
Ciao
Jörg
--
Joerg Mayer
participants (2)
-
Daniel Schulz
-
Joerg Mayer