[Firehol-support] configuration file problem?

Camilo Rostoker camilo at scottsdale.ca
Fri Jan 7 02:29:01 CET 2005


Hi,

I have some experience with general Linux administration, but I am a 
total newbie to iptables and firewalls in general. I'm looking for a 
basic firewall setup. I've read the FAQ's and install guide but 
something seems to be wrong...
 
I have one server, connected directly to the internet, no router.
 
Below is my basic config file. What I want is the listed server services 
to have incoming access and (for now) all clients to have outgoing access:
 
interface eth0 internet
 
          policy drop
 
          server http accept
          server mysql accept
          server pop3 accept
          server smtp accept
          server ssh accept
 
          client all accept
 
 
 
... but something is terribly wrong. When I try to start FireHOL, I get 
a huge long list of errors, something like this:
 
FireHOL: Saving your old firewall to a temporary file: OK
FireHOL: Processing file /etc/firehol/firehol.conf: OK
FireHOL: Activating new firewall (71 rules):

--------------------------------------------------------------------------------
ERROR   : # 1.
WHAT    : A runtime command failed to execute (returned error 1).
SOURCE  : line 13 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_http_s1 -p tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
OUTPUT  :

iptables: No chain/target/match by that name

--------------------------------------------------------------------------------
ERROR   : # 2.
WHAT    : A runtime command failed to execute (returned error 1).
SOURCE  : line 13 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_http_s1 -p tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
OUTPUT  :

iptables: No chain/target/match by that name

--------------------------------------------------------------------------------
ERROR   : # 3.
WHAT    : A runtime command failed to execute (returned error 1).
SOURCE  : line 14 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_mysql_s2 -p tcp --sport 1024:65535 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
OUTPUT  :

iptables: No chain/target/match by that name

--------------------------------------------------------------------------------
ERROR   : # 4.
WHAT    : A runtime command failed to execute (returned error 1).
SOURCE  : line 14 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_mysql_s2 -p tcp --sport 3306 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
OUTPUT  :

iptables: No chain/target/match by that name

... etc. ... (there are about 26 errors in total)
 
Any ideas?
 
cheers,
cam


-------------------------------------- 

Camilo Rostoker
Senior I.T. Consultant & Web Developer
Scottsdale Developments, Inc. 

email: camilo at scottsdale.ca
web  : http://www.scottsdale.ca 
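As an added example (not part of the original post or of FireHOL itself), a small Python parser for the error report format shown above: it reduces a long failure list to which firehol.conf lines failed and what the failing iptables commands have in common, which is the first thing to establish before looking for the cause. The sample report is constructed from two of the records in the post.

```python
import re
from collections import Counter
# Constructed sample: two records in the report format FireHOL prints when activation fails.
SAMPLE_REPORT = """\
ERROR   : # 1.
WHAT    : A runtime command failed to execute (returned error 1).
SOURCE  : line 13 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_http_s1 -p tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
OUTPUT  :

iptables: No chain/target/match by that name

--------------------------------------------------------------------------------
ERROR   : # 3.
WHAT    : A runtime command failed to execute (returned error 1).
SOURCE  : line 14 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_mysql_s2 -p tcp --sport 1024:65535 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
OUTPUT  :

iptables: No chain/target/match by that name
"""
FIELD_RE = re.compile(r"^(ERROR|WHAT|SOURCE|COMMAND|OUTPUT)\s*:\s*(.*)$")

def parse_firehol_errors(report):
    """Split a FireHOL activation report into one dict per ERROR record."""
    records, cur = [], None
    for line in report.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(1) == "ERROR":          # "# 1." opens a new record
            cur = {"number": int(m.group(2).strip("# .")), "output": ""}
            records.append(cur)
        elif m and cur is not None:              # WHAT / SOURCE / COMMAND / OUTPUT fields
            cur[m.group(1).lower()] = m.group(2).strip()
        elif cur is not None and line.strip() and not line.startswith("-"):
            # Any other non-separator line is the iptables message printed under OUTPUT.
            cur["output"] = (cur["output"] + " " + line.strip()).strip()
    for r in records:                            # "line 13 of /etc/firehol/firehol.conf" -> 13
        r["source_line"] = int(re.search(r"line (\d+)", r["source"]).group(1))
    return records

def summarize(records):
    """Group failing chains by config line; count the -m modules and messages they have in common."""
    by_line, modules, messages = {}, Counter(), Counter()
    for r in records:
        chain = r["command"].split(" -A ", 1)[1].split()[0]
        by_line.setdefault(r["source_line"], []).append(chain)
        modules.update(re.findall(r"-m (\S+)", r["command"]))
        messages[r["output"]] += 1
    return {"by_line": by_line, "modules": dict(modules), "messages": dict(messages)}
```

Run on the records above, the summary shows every failing command using `-m state` and receiving the same iptables message, so the 26 errors point at one shared condition rather than 26 separate mistakes in the config file.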