Bug 89793 - service iptables start fails.
Product: Red Hat Linux
Classification: Retired
Component: iptables
i686 Linux
high Severity medium
Assigned To: wdovlrrw
Ben Levenson
: Security
Reported: 2003-04-28 11:35 EDT by Need Real Name
Modified: 2007-03-27 00:03 EDT
Doc Type: Bug Fix
Last Closed: 2003-05-04 10:58:43 EDT
Description Need Real Name 2003-04-28 11:35:17 EDT
Description of problem: Can't restore iptables rules

Version-Release number of selected component (if applicable): iptables-1.2.5-3

How reproducible: Always

Steps to Reproduce:

[root@router1 root]# service iptables save
Guardando las reglas actuales para /etc/sysconfig/iptables:[  OK  ]
[root@router1 root]# service iptables stop
Reiniciar las cadenas incorporadas a la política predetermi[  OK  ]ACEPTACIÓN:
[root@router1 root]# service iptables start
Vaciando todas las reglas actuales y las cadenas definidas [  OK  ]io:
Eliminando todas las reglas actuales y cadenas definidas po[  OK  ]os:
Aplicando reglas del firewall iptables:                    [  OK  ]
iptables-restore v1.2.5: Unknown arg `--log-prefix'
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Actual results:
Can't use the Linux router, boot hangs waiting for the user input.

Expected results:
Iptables rules should be loaded on every reboot

Additional info:
Comment 1 Michael Schwendt 2003-04-30 11:24:23 EDT
Looks like a syntax error (LOG target not specified in front of --log-prefix
argument). Please attach your /etc/sysconfig/iptables file.
Comment 2 Need Real Name 2003-05-02 11:52:31 EDT
These are the lines:

$IPT -A SEGURIDAD -p tcp --tcp-flags ALL FIN,URG,PSH -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "Bits FIN,URG,PSH Ilegales: "
$IPT -A SEGURIDAD -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "Combinacion SYN,RST Ilegal: "
$IPT -A SEGURIDAD -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "Combinacion SYN,FIN Ilegal: "
$IPT -A SEGURIDAD -p tcp --tcp-flags ALL FIN -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "Bit FIN Desactivado: "
$IPT -A SEGURIDAD -p tcp --tcp-flags ALL ALL -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "Ningun bit Activado: "
$IPT -A SEGURIDAD -p tcp --tcp-flags ALL NONE -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "No aparece ningun bit: "
$IPT -A SEGURIDAD -p tcp --tcp-flags FIN,RST FIN,RST -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "Bits FINRST Activados: "
$IPT -A SEGURIDAD -p tcp --tcp-flags ACK,FIN FIN -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "Bit FIN sin bit ACK: "
$IPT -A SEGURIDAD -p tcp --tcp-flags ACK,PSH PSH -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "Bit PSH sin bit ACK: "
$IPT -A SEGURIDAD -p tcp --tcp-flags ACK,URG URG -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "Bit URG sin bit ACK: "
$IPT -A SEGURIDAD -p tcp --tcp-option 64 -m limit --limit 3/m -j LOG --log-level
$LOGLEVEL --log-prefix "Opcion(64) Incorrecta: "
$IPT -A SEGURIDAD -p tcp --tcp-option 128 -m limit --limit 3/m -j LOG
--log-level $LOGLEVEL --log-prefix "Opcion(128) Incorrecta: "

What is wrong?
I can't see the error.
Comment 3 Michael Schwendt 2003-05-02 12:13:56 EDT

1. This is not from /etc/sysconfig/iptables.

2. It is an incomplete script, but works if you create user-defined chain
"SEGURIDAD" (iptables -N SEGURIDAD) and define $LOGLEVEL (LOGLEVEL=warn).
Comment 4 Need Real Name 2003-05-04 10:58:43 EDT
The problem was the CR/LF and the copy and paste I did.
The lines with the LOG target were truncated; that was the problem.
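
A pre-flight check for the failure resolved in Comment 4, as an added example that is not part of the bug report: it flags CR/LF line endings and LOG options that a stray line break has separated from their `-j LOG` target. The helper names `check_rules` and `sample_rules` and the sample rules file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the bug report: lint a rules file for the two
# defects named in Comment 4 before it reaches iptables-restore.
# check_rules and sample_rules are hypothetical helper names.

# Print one finding per line ("<lineno>: <problem>"); return 1 if any were found.
check_rules() {
    awk '
        # A trailing CR means the file was saved with DOS (CR/LF) line endings.
        /\r$/ { print NR ": CR/LF line ending"; bad = 1; sub(/\r$/, "") }
        # Blank lines, comments, table headers, chain declarations, COMMIT: fine.
        /^[ \t]*$/ || /^#/ || /^\*/ || /^:/ || /^COMMIT$/ { next }
        # --log-prefix/--log-level belong to the LOG target; without "-j LOG"
        # on the same line the rule was split by a stray line break.
        /--log-(prefix|level)/ && !/-j[ \t]+LOG/ {
            print NR ": LOG option without -j LOG (rule split across lines?)"
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: line 6 is the wrapped tail of line 5, line 7 ends in CR/LF.
sample_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':SEGURIDAD - [0:0]' \
        '-A SEGURIDAD -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "Combinacion SYN,FIN Ilegal: "' \
        '-A SEGURIDAD -p tcp --tcp-flags ALL NONE -m limit --limit 3/m -j LOG' \
        '--log-level 4 --log-prefix "No aparece ningun bit: "'
    printf '%s\r\n' '-A SEGURIDAD -p tcp --tcp-option 64 -j LOG --log-prefix "Opcion(64) Incorrecta: "'
    printf '%s\n' 'COMMIT'
}

# Stand-alone use: sh check.sh /etc/sysconfig/iptables
[ $# -eq 0 ] || check_rules "$1"
```

Running the check before `service iptables start` catches the broken file while the previous rule set is still loaded.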
