Description of problem:
Can't restore iptables rules

Version-Release number of selected component (if applicable):
iptables-1.2.5-3

How reproducible:
Always

Steps to Reproduce:
    [root@router1 root]# service iptables save
    Guardando las reglas actuales para /etc/sysconfig/iptables:[ OK ]
    [root@router1 root]# service iptables stop
    Reiniciar las cadenas incorporadas a la política predetermi[ OK ]ACEPTACIÓN:
    [root@router1 root]# service iptables start
    Vaciando todas las reglas actuales y las cadenas definidas [ OK ]io:
    Eliminando todas las reglas actuales y cadenas definidas po[ OK ]os:
    Aplicando reglas del firewall iptables: [ OK ]
    iptables-restore v1.2.5: Unknown arg `--log-prefix'
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    [FALLÓ]

Actual results:
Can't use the Linux router, boot hangs waiting for the user input.

Expected results:
iptables rules should be loaded on every reboot.

Additional info:
Looks like a syntax error (LOG target not specified in front of --log-prefix argument). Please attach your /etc/sysconfig/iptables file.
These are the lines:

    $IPT -A SEGURIDAD -p tcp --tcp-flags ALL FIN,URG,PSH -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Bits FIN,URG,PSH Ilegales: "
    $IPT -A SEGURIDAD -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Combinacion SYN,RST Ilegal: "
    $IPT -A SEGURIDAD -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Combinacion SYN,FIN Ilegal: "
    $IPT -A SEGURIDAD -p tcp --tcp-flags ALL FIN -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Bit FIN Desactivado: "
    $IPT -A SEGURIDAD -p tcp --tcp-flags ALL ALL -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Ningun bit Activado: "
    $IPT -A SEGURIDAD -p tcp --tcp-flags ALL NONE -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "No aparece ningun bit: "
    $IPT -A SEGURIDAD -p tcp --tcp-flags FIN,RST FIN,RST -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Bits FINRST Activados: "
    $IPT -A SEGURIDAD -p tcp --tcp-flags ACK,FIN FIN -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Bit FIN sin bit ACK: "
    $IPT -A SEGURIDAD -p tcp --tcp-flags ACK,PSH PSH -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Bit PSH sin bit ACK: "
    $IPT -A SEGURIDAD -p tcp --tcp-flags ACK,URG URG -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Bit URG sin bit ACK: "
    $IPT -A SEGURIDAD -p tcp --tcp-option 64 -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Opcion(64) Incorrecta: "
    $IPT -A SEGURIDAD -p tcp --tcp-option 128 -m limit --limit 3/m -j LOG --log-level $LOGLEVEL --log-prefix "Opcion(128) Incorrecta: "

What is wrong? I can't see the error.
WORKSFORME.
1. This is not from /etc/sysconfig/iptables.
2. It is an incomplete script, but works if you create user-defined chain "SEGURIDAD" (iptables -N SEGURIDAD) and define $LOGLEVEL (LOGLEVEL=warn).
OK. The problem was the CR/LF and the copy and paste I did. The lines with the LOG target were truncated; that was the problem.
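
A pre-flight check for the cause identified in the last comment, as an added example (not code from the reporter or from the iptables package): it scans a rules file for CR/LF line endings and for LOG options that have been cut off from their "-j LOG" before the file is loaded at boot. The function names check_rules and write_sample are hypothetical, and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# check_rules FILE: lint a rules file before it is handed to iptables-restore.
# Prints "LINE: finding" for each problem; exit status is 1 if any were found.
check_rules() {
    awk '
    {
        line = $0
        # A trailing CR means the file was saved with CR/LF line endings.
        if (sub(/\r$/, "", line)) { print NR ": CR/LF line ending"; bad = 1 }

        # LOG options are only accepted after the LOG target is named, so
        # compare where each first appears on the line (0 = not present).
        opt = match(line, /--log-(prefix|level)/)
        tgt = match(line, /(-j|--jump)[ \t]+LOG([ \t]|$)/)
        if (opt && (!tgt || tgt > opt)) {
            print NR ": LOG option with no preceding -j LOG"; bad = 1
        }

        # A rule that stops right after -j lost its target to truncation.
        if (line ~ /(-j|--jump)[ \t]*$/) { print NR ": -j with no target"; bad = 1 }

        # An odd number of double quotes means a prefix string was cut short.
        tmp = line
        if (gsub(/"/, "", tmp) % 2) { print NR ": unterminated quote"; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}

# write_sample FILE: constructed input (not the reporter's file). Line 3 is
# intact, line 4 ends in CR/LF, and one rule is split across lines 5 and 6.
write_sample() {
    {
        printf '%s\n' '*filter' ':SEGURIDAD - [0:0]'
        printf '%s\n' '-A SEGURIDAD -p tcp --tcp-flags ALL NONE -m limit --limit 3/m -j LOG --log-level 4 --log-prefix "ok: "'
        printf '%s\r\n' '-A SEGURIDAD -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "crlf: "'
        printf '%s\n' '-A SEGURIDAD -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 3/m -j'
        printf '%s\n' '--log-level 4 --log-prefix "cut: "'
        printf '%s\n' 'COMMIT'
    } > "$1"
}

# Stand-alone use: sh check_rules.sh /etc/sysconfig/iptables
if [ "$#" -gt 0 ]; then check_rules "$1"; fi
```

Running the check after "service iptables save" and before a reboot catches a file that would otherwise stop the boot at the iptables-restore error shown in the report.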