iptables debian stable problem
Then I replaced every --destination-port with -dport, and then it complains about: Bad Argument '22' (22 being the SSH port).
This works perfectly at home on my Knoppix Debian box.
What's the full line that you're trying to execute?
From the Debian iptables man page:
MATCH EXTENSIONS
  tcp
    These extensions are loaded if `--protocol tcp' is specified. It provides the following options:
    (snip)
    --destination-port [!] port[:port]
      Destination port or port range specification. The flag --dport is a convenient alias for this option.
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --destination-port ssh -j ACCEPT
The other line is just the same, but with -dport instead of --destination-port and 22 instead of ssh.
The version on both Debians (the Knoppix and stable) is 1.2.9.
Hope this clarifies…
li-20:~# cat /etc/debian_version
li-20:~# uname -a
Linux li-20.members.linode.com 2.4.25-linode24-1um #2 Sun Mar 28 15:14:01 EST 2004 i686 unknown
li-20:~# apt-get install iptables
Reading Package Lists... Done
Building Dependency Tree... Done
Sorry, iptables is already the newest version.
li-20:~# iptables -V
li-20:~# iptables -A INPUT -s 192.168.1.0 -p tcp --destination-port ssh -j LOG --log-level 1 --log-prefix STRING -m limit
li-20:~# iptables -A INPUT -s 192.168.1.0 -p tcp --destination-port ssh -j ACCEPT
Seems to have worked for me… ?
Maybe some funky-ness in your script?
Thanks for the help. Happy holidays.
It's pretty simple, IIRC. I just downloaded the latest kernel from kernel.org, unpacked it, downloaded the latest iptables, and told the iptables build process where the kernel source was. If you do this, install in /usr/local instead of /usr so you don't overwrite Debian's iptables. Otherwise, if Debian releases a new iptables version that's still older than your hand-compiled one, the update will overwrite yours and break your firewall scripts.
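An added example, not part of the original thread: iptables parses its command line with getopt, so `-dport 22` is read as `-d port` followed by a stray argument `22`, which is the "Bad argument" error reported earlier in the thread. The shell function below flags single-dash spellings of long options in a firewall script; the option list, the function names and the sample rules (using the documentation address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Long options that must be written with two dashes (illustrative subset).
LONG_OPTS="dport sport destination-port source-port protocol source destination jump log-level log-prefix"

# lint_iptables_opts FILE
# Prints "LINE: -opt should be --opt" for every iptables long option that is
# spelled with a single dash. Returns 1 if anything was flagged, 0 otherwise.
lint_iptables_opts() {
    awk -v opts="$LONG_OPTS" '
        BEGIN { n = split(opts, a, " "); for (i = 1; i <= n; i++) known[a[i]] = 1 }
        /^[[:space:]]*#/ { next }               # ignore commented-out rules
        /iptables/ {
            for (i = 1; i <= NF; i++) {
                # one dash followed by two or more characters, e.g. -dport
                if ($i ~ /^-[a-z][a-z-]+$/) {
                    name = substr($i, 2)
                    if (name in known) {
                        printf "%d: %s should be -%s\n", NR, $i, $i
                        bad = 1
                    }
                }
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Constructed sample firewall script: line 2 carries the mistake from the thread.
sample_rules() {
    cat <<'EOF'
iptables -A INPUT -s 192.0.2.10 -p tcp --destination-port ssh -j ACCEPT
iptables -A INPUT -s 192.0.2.10 -p tcp -dport 22 -j ACCEPT
# iptables -A INPUT -p tcp -dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
EOF
}

# Demonstration run on the constructed sample.
tmp=$(mktemp)
sample_rules > "$tmp"
lint_iptables_opts "$tmp" || echo "fix the options above before loading the rules"
rm -f "$tmp"
```

Running the check before a firewall script is loaded catches the typo without applying a half-finished rule set.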