[Firehol-support] Prevent routing of Microsoft Networking

Redeeman redeeman at metanurb.dk
Tue Nov 15 05:14:10 CET 2005


Are you sure you have the needed iptables support in your kernel?

On Mon, 2005-11-14 at 18:29 -0800, Daniel L. Miller wrote:
> I'm trying to prevent my Samba servers and Windoze clients from 
> advertising on the Internet.  Some of the netbios services are being 
> processed fine, others are giving me errors during firehol compilation.  
> At the moment, I get the following:
> 
> foxy:/var/log/ulog# firehol try
> 
> 
> --------------------------------------------------------------------------------
> ERROR   : # 1.
> WHAT    : A runtime command failed to execute (returned error 1).
> SOURCE  : line 85 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A in_lan2x_netbios_ns_s4 -p udp 
> --sport 1024:65535 --dport 137 -m state --state NEW\,ESTABLISHED -j 
> REJECT --reject-with tcp-reset
> OUTPUT  :
> 
> iptables: Invalid argument
> 
> 
> 
> --------------------------------------------------------------------------------
> ERROR   : # 2.
> WHAT    : A runtime command failed to execute (returned error 1).
> SOURCE  : line 85 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A out_lan2x_netbios_ns_s4 -p udp 
> --sport 137 --dport 1024:65535 -m state --state ESTABLISHED -j REJECT 
> --reject-with tcp-reset
> OUTPUT  :
> 
> iptables: Invalid argument
> 
> 
> 
> --------------------------------------------------------------------------------
> ERROR   : # 3.
> WHAT    : A runtime command failed to execute (returned error 1).
> SOURCE  : line 85 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A in_lan2x_netbios_ns_s4 -p udp 
> --sport 137 --dport 137 -m state --state NEW\,ESTABLISHED -j REJECT 
> --reject-with tcp-reset
> OUTPUT  :
> 
> iptables: Invalid argument
> 
> 
> 
> --------------------------------------------------------------------------------
> ERROR   : # 4.
> WHAT    : A runtime command failed to execute (returned error 1).
> SOURCE  : line 85 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A out_lan2x_netbios_ns_s4 -p udp 
> --sport 137 --dport 137 -m state --state ESTABLISHED -j REJECT 
> --reject-with tcp-reset
> OUTPUT  :
> 
> iptables: Invalid argument
> 
> 
> 
> --------------------------------------------------------------------------------
> ERROR   : # 5.
> WHAT    : A runtime command failed to execute (returned error 1).
> SOURCE  : line 85 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A in_lan2x_netbios_dgm_s5 -p udp 
> --sport 1024:65535 --dport 138 -m state --state NEW\,ESTABLISHED -j 
> REJECT --reject-with tcp-reset
> OUTPUT  :
> 
> iptables: Invalid argument
> 
> 
> 
> --------------------------------------------------------------------------------
> ERROR   : # 6.
> WHAT    : A runtime command failed to execute (returned error 1).
> SOURCE  : line 85 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A out_lan2x_netbios_dgm_s5 -p udp 
> --sport 138 --dport 1024:65535 -m state --state ESTABLISHED -j REJECT 
> --reject-with tcp-reset
> OUTPUT  :
> 
> iptables: Invalid argument
> 
> 
> 
> --------------------------------------------------------------------------------
> ERROR   : # 7.
> WHAT    : A runtime command failed to execute (returned error 1).
> SOURCE  : line 85 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A in_lan2x_netbios_dgm_s5 -p udp 
> --sport 138 --dport 138 -m state --state NEW\,ESTABLISHED -j REJECT 
> --reject-with tcp-reset
> OUTPUT  :
> 
> iptables: Invalid argument
> 
> 
> 
> --------------------------------------------------------------------------------
> ERROR   : # 8.
> WHAT    : A runtime command failed to execute (returned error 1).
> SOURCE  : line 85 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A out_lan2x_netbios_dgm_s5 -p udp 
> --sport 138 --dport 138 -m state --state ESTABLISHED -j REJECT 
> --reject-with tcp-reset
> OUTPUT  :
> 
> iptables: Invalid argument
> 
> Stopped: Couldn't activate new firewall.
> 
> FireHOL: Restoring old firewall: OK
> 
> 
> The area generating this is:
> router lan2x inface "${LAN_IF}" outface "${EXT_X_IF}" src "${LAN_LAN}" 
> dst not "${UNROUTABLE_IPS}"
>         route "microsoft_ds netbios_ssn rdp" reject with tcp-reset
>         route "netbios_ns netbios_dgm" reject with tcp-reset
>         route all accept log "lan2x"
> 
> -- 
> Daniel
> 

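A check worth running before "firehol try", added here as an example and not part of the thread. Every failing COMMAND above is a rule that matches "-p udp" (netbios_ns on 137 and netbios_dgm on 138 are UDP services) yet ends with "--reject-with tcp-reset". The iptables REJECT target only accepts tcp-reset on rules that match "-p tcp" (a negated "! -p tcp" is refused as well); the kernel returns EINVAL for any other combination and iptables prints it as "Invalid argument". A kernel with full REJECT support gives the same error for this pairing, so the fix is in the configuration: the TCP services on the line above (microsoft_ds, netbios_ssn, rdp) can keep tcp-reset, while the UDP line needs a plain "reject", which uses iptables' default ICMP port-unreachable. The script below lints a set of generated rules for exactly that mistake; the sample rules are constructed for the example and modelled on the quoted ones (the netbios_ssn chain name and the ACCEPT rule are made up).

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables rules for the one
# combination the REJECT target refuses -- "--reject-with tcp-reset" on a
# rule that does not match "-p tcp". The kernel rejects it with EINVAL and
# iptables reports "Invalid argument", which is what the quoted errors show.

# Read iptables command lines on stdin, print one line per offending rule
# and exit 1 if any rule is invalid (0 when all are valid).
lint_reject_rules() {
    awk '
        BEGIN { bad = 0 }
        /-j +REJECT/ && /--reject-with +tcp-reset/ {
            proto = ""; chain = "?"
            for (i = 1; i <= NF; i++) {
                if ($i == "-p" || $i == "--protocol") {
                    proto = $(i + 1)
                    # "! -p tcp" negates the match and is refused as well
                    if (i > 1 && $(i - 1) == "!") proto = "!" proto
                }
                if ($i == "-A" || $i == "--append") chain = $(i + 1)
            }
            if (proto != "tcp") {
                printf "INVALID chain=%s proto=%s: tcp-reset needs -p tcp\n",
                       chain, (proto == "" ? "any" : proto)
                bad++
            }
        }
        END { exit (bad > 0 ? 1 : 0) }
    '
}

# Constructed sample rules, modelled on the quoted "firehol try" output:
# a TCP netbios_ssn rule (valid), a UDP netbios_ns rule with tcp-reset
# (the error case), a UDP rule using the ICMP reject type instead (valid),
# and an unrelated ACCEPT rule that the linter must ignore.
SAMPLE_RULES='/sbin/iptables -t filter -A in_lan2x_netbios_ssn_s3 -p tcp --sport 1024:65535 --dport 139 -m state --state NEW,ESTABLISHED -j REJECT --reject-with tcp-reset
/sbin/iptables -t filter -A in_lan2x_netbios_ns_s4 -p udp --sport 1024:65535 --dport 137 -m state --state NEW,ESTABLISHED -j REJECT --reject-with tcp-reset
/sbin/iptables -t filter -A in_lan2x_netbios_dgm_s5 -p udp --sport 138 --dport 138 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
/sbin/iptables -t filter -A in_lan2x_all_s6 -j ACCEPT'

# Number of invalid rules in SAMPLE_RULES (the netbios_ns one only).
count_invalid_rules() {
    printf '%s\n' "$SAMPLE_RULES" | lint_reject_rules | wc -l | tr -d ' '
}

# Stand-alone run over the sample; in practice pipe the output of
# "firehol debug" (which prints the generated iptables commands instead of
# executing them) into lint_reject_rules.
if printf '%s\n' "$SAMPLE_RULES" | lint_reject_rules; then
    echo "all REJECT rules are valid"
else
    echo "change the reject type for the UDP services before 'firehol try' can succeed"
fi
```

Run it against the real rule set with "firehol debug | lint_reject_rules" after sourcing the script; a clean run is a prerequisite, not a guarantee, for "firehol try" to activate the firewall.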