iptables debian stable problem
Then I replaced every --destination-port with -dport, and then it complains about : Bad Argument '22' (22 being the SSH port).
This works perfectly at home on my Knoppix debian box.
Any ideas?
5 Replies
caker
Linode Staff
What's the full line that you're trying to execute?
From the Debian iptables man page:
MATCH EXTENSIONS
tcp
These extensions are loaded if `--protocol tcp' is specified. It
provides the following options:
(snip)
--destination-port [!] port[:port]
Destination port or port range specification. The flag --dport
is a convenient alias for this option.
-Chris
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --destination-port ssh -j ACCEPT
The other line is just the same, but with -dport instead of --destination-port and 22 instead of ssh.
The version on both debians (the knoppix and stable) is 1.2.9.
Hope this clarifies…
caker
Linode Staff
li-20:~# cat /etc/debian_version
3.0
li-20:~# uname -a
Linux li-20.members.linode.com 2.4.25-linode24-1um #2 Sun Mar 28 15:14:01 EST 2004 i686 unknown
li-20:~# apt-get install iptables
Reading Package Lists... Done
Building Dependency Tree... Done
Sorry, iptables is already the newest version.
li-20:~# iptables -V
iptables v1.2.6a
li-20:~# iptables -A INPUT -s 192.168.1.0 -p tcp --destination-port ssh -j LOG --log-level 1 --log-prefix STRING -m limit
li-20:~# iptables -A INPUT -s 192.168.1.0 -p tcp --destination-port ssh -j ACCEPT
li-20:~#
Seems to have worked for me… ?
Maybe some funky-ness in your script?
-Chris
Thanks for the help. Happy holidays.
It's pretty simple, IIRC. I just downloaded the latest kernel from kernel.org, unpacked it, downloaded the latest iptables, and told the iptables build process where the kernel source was. If you do this, install in /usr/local instead of /usr so you don't overwrite Debian's iptables. Otherwise, if Debian releases a new iptables version that's still older than your hand-compiled one, the update will overwrite yours and break your firewall scripts.