Red Hat Topics - Problem using system-config-securitylevel

IloChab

2005-08-23, 5:47 pm


I have a FC4 with system-config-securitylevel 1.5.8.1.
The firewall that I configured with it always worked well.
A few days ago I noticed that it didn't start any more at boot (I don't
remember exactly the error and boot.log is empty on FC4). So I tried:

# /sbin/service iptables restart

obtaining the following output:

Applicazione delle regole firewall iptables: /sbin/iptables-restore: line
2: *filter: command not found /sbin/iptables-restore: line 3: :FORWARD:
command not found /sbin/iptables-restore: line 4: :INPUT: command not
found /sbin/iptables-restore: line 5: :OUTPUT: command not found
/sbin/iptables-restore: line 6: :RH-Firewall-1-INPUT: command not found
/sbin/iptables-restore: line 7: -A: command not found
/sbin/iptables-restore: line 8: -A: command not found
/sbin/iptables-restore: line 9: -A: command not found
/sbin/iptables-restore: line 10: -A: command not found
/sbin/iptables-restore: line 11: -A: command not found
/sbin/iptables-restore: line 12: -A: command not found
/sbin/iptables-restore: line 13: -A: command not found
/sbin/iptables-restore: line 14: -A: command not found
/sbin/iptables-restore: line 15: -A: command not found
/sbin/iptables-restore: line 16: -A: command not found
/sbin/iptables-restore: line 17: -A: command not found
/sbin/iptables-restore: line 18: -A: command not found
/sbin/iptables-restore: line 19: -A: command not found
/sbin/iptables-restore: line 20: -A: command not found
/sbin/iptables-restore: line 21: -A: command not found
/sbin/iptables-restore: line 22: -A: command not found
/sbin/iptables-restore: line 23: -A: command not found
/sbin/iptables-restore: line 24: -A: command not found
/sbin/iptables-restore: line 25: COMMIT: command not found [FALLITO]

I can't understand why it's talking about /sbin/iptables-restore.

Is my configuration broken?
What files do I have to check?

I guess everything began after a system-config-securitylevel upgrade or
after some manual modifications to iptables rules I did with a final
iptables-save.

Please, can anyone help?
Thanks.
Licia.
Jean-David Beyer

2005-08-23, 5:47 pm

IloChab wrote:
> I have a FC4 with system-config-securitylevel 1.5.8.1
> The firewall, that I configured with it, always worked well.
> Few days ago I noticed that it didn't start any more at boot (I don't
> remember exactly the error and boot.log is empty on FC4). So I tried a: #
> /sbin/service iptables restart
> obtaining the following output:
>
> Applicazione delle regole firewall iptables: /sbin/iptables-restore: line
> 2: *filter: command not found /sbin/iptables-restore: line 3: :FORWARD:
> command not found /sbin/iptables-restore: line 4: :INPUT: command not
> found /sbin/iptables-restore: line 5: :OUTPUT: command not found
> /sbin/iptables-restore: line 6: :RH-Firewall-1-INPUT: command not found
> /sbin/iptables-restore: line 7: -A: command not found
> /sbin/iptables-restore: line 8: -A: command not found
> /sbin/iptables-restore: line 9: -A: command not found
> /sbin/iptables-restore: line 10: -A: command not found
> /sbin/iptables-restore: line 11: -A: command not found
> /sbin/iptables-restore: line 12: -A: command not found
> /sbin/iptables-restore: line 13: -A: command not found
> /sbin/iptables-restore: line 14: -A: command not found
> /sbin/iptables-restore: line 15: -A: command not found
> /sbin/iptables-restore: line 16: -A: command not found
> /sbin/iptables-restore: line 17: -A: command not found
> /sbin/iptables-restore: line 18: -A: command not found
> /sbin/iptables-restore: line 19: -A: command not found
> /sbin/iptables-restore: line 20: -A: command not found
> /sbin/iptables-restore: line 21: -A: command not found
> /sbin/iptables-restore: line 22: -A: command not found
> /sbin/iptables-restore: line 23: -A: command not found
> /sbin/iptables-restore: line 24: -A: command not found
> /sbin/iptables-restore: line 25: COMMIT: command not found [FALLITO]
>
> I can't understand why it's talking about /sbin/iptables-restore


In /etc/rc.d/init.d/iptables appears the sequence ...

start() {
    # Do not start if there is no config file.
    [ -f "$IPTABLES_DATA" ] || return 1

    echo -n $"Applying $IPTABLES firewall rules: "

    OPT=
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"

    $IPTABLES-restore $OPT $IPTABLES_DATA
    # (the rest of the function is not quoted here)
}


IPTABLES is defined as _iptables_, so that is where it is being called;
i.e., at boot time (or anytime you do _iptables start_).

$ ls -l /sbin/iptables*
-rwxr-xr-x 1 root root 47568 Dec 17 2003 /sbin/iptables
-rwxr-xr-x 1 root root 51872 Dec 17 2003 /sbin/iptables-restore
-rwxr-xr-x 1 root root 50276 Dec 17 2003 /sbin/iptables-save

I.e., these programs exist, at least in RHEL 3.

My guess is that your iptables-restore program is going through your
/etc/sysconfig/iptables file and something is wrong with it. Mine starts out
like this:

# Generated by iptables-save v1.2.8 on Tue Aug 23 06:36:03 2005
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
....

Perhaps IPTABLES is not defined in your /etc/rc.d/init.d/iptables file.
Perhaps the PATH when running /etc/rc.d/init.d/iptables does not include
sbin. Many things to check.
>
> Is my configuration broken?
> What files have I to check?
>
> I guess everything begun after a system-config-securitylevel upgrade or
> after some manual modifications to iptables rules I did with a final
> iptable-save.
>
> Please, can anyone help?
> Thanks.
> Licia.



--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 10:50:00 up 69 days, 4:45, 3 users, load average: 4.23, 4.85, 5.46
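Two of the checks Jean-David lists (is the restore program really what gets run, and is /etc/sysconfig/iptables well formed) can be scripted. What follows is an added example, not code from this thread or from the iptables package. It checks that a given restore program is an actual executable (ELF magic or a "#!" script) rather than a text file, because a shell that is handed a text file without a valid executable header reads it line by line and reports each line as "path: line N: word: command not found", and it validates the layout that iptables-save writes and iptables-restore reads (a "*table" header, ":CHAIN POLICY [pkts:bytes]" declarations, "-A" rules, and a closing COMMIT). Every file name below is a constructed sample created in a temporary directory; on a live system you would point the two functions at /sbin/iptables-restore and /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example, not from the thread: checks for the two things the
# iptables init script depends on. Sample files are constructed below.

# Return 0 if FILE looks like a real program (ELF magic or a "#!" script),
# 1 if it is missing, not executable, or plain text. A shell asked to run
# a plain-text file falls back to reading it line by line, which produces
# messages of the form "path: line N: word: command not found".
check_restore_binary() {
    f="$1"
    [ -f "$f" ] && [ -x "$f" ] || return 1
    magic=$(dd if="$f" bs=4 count=1 2>/dev/null | od -A n -t x1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ] && return 0                     # \177ELF
    [ "$(dd if="$f" bs=2 count=1 2>/dev/null)" = "#!" ] && return 0
    return 1
}

# Return 0 if FILE has the layout iptables-save writes and iptables-restore
# reads: comments, a "*table" header, ":CHAIN POLICY [pkts:bytes]" chain
# declarations, "-A ..." rule lines, and COMMIT closing each table.
# On the first line that does not fit, print it and return 1.
check_rules_file() {
    f="$1"
    [ -f "$f" ] || { echo "rules file missing: $f"; return 1; }
    in_table=0 tables=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) ;;                                   # blank or comment
            '*'[a-z]*)                                    # *filter, *nat, ...
                [ "$in_table" -eq 0 ] || { echo "line $n: new table before COMMIT"; return 1; }
                in_table=1 ;;
            ':'*' '*' ['*':'*']'|'-A '*|'-I '*)           # chain decl or rule
                [ "$in_table" -eq 1 ] || { echo "line $n: entry outside a table: $line"; return 1; }
                ;;
            COMMIT)
                [ "$in_table" -eq 1 ] || { echo "line $n: COMMIT without a table"; return 1; }
                in_table=0; tables=$((tables + 1)) ;;
            *)  echo "line $n: unrecognised entry: $line"; return 1 ;;
        esac
    done < "$f"
    [ "$in_table" -eq 0 ] || { echo "missing COMMIT at end of file"; return 1; }
    [ "$tables" -gt 0 ] || { echo "no table found in $f"; return 1; }
    return 0
}

# Constructed samples (removed again when the script exits).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# A rules file in the format the thread shows, cut down to a few lines.
cat > "$SAMPLE_DIR/rules.good" <<'EOF'
# Firewall configuration written by system-config-securitylevel (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# The same file with the closing COMMIT dropped, as a hand edit might leave it.
sed '/^COMMIT$/d' "$SAMPLE_DIR/rules.good" > "$SAMPLE_DIR/rules.nocommit"

# A stand-in program carrying only the ELF magic, and a rules file marked
# executable, i.e. text where a binary is expected.
printf '\177ELF' > "$SAMPLE_DIR/restore.elf"
cp "$SAMPLE_DIR/rules.good" "$SAMPLE_DIR/restore.text"
chmod +x "$SAMPLE_DIR/restore.elf" "$SAMPLE_DIR/restore.text"

for p in restore.elf restore.text; do
    if check_restore_binary "$SAMPLE_DIR/$p"; then
        echo "$p: executable program"
    else
        echo "$p: not a program; a shell would try to interpret it line by line"
    fi
done
for r in rules.good rules.nocommit; do
    if check_rules_file "$SAMPLE_DIR/$r"; then echo "$r: structure ok"; fi
done
```

The structural check refuses any line it does not recognise and reports it with its line number, so a stray line left by a hand edit is pointed at directly instead of being passed on to iptables-restore to guess at.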
IloChab

2005-08-23, 5:47 pm

On Tue, 23 Aug 2005 11:03:06 -0400, Jean-David Beyer wrote:

> $ ls -l /sbin/iptables*
> -rwxr-xr-x 1 root root 47568 Dec 17 2003 /sbin/iptables
> -rwxr-xr-x 1 root root 51872 Dec 17 2003 /sbin/iptables-restore
> -rwxr-xr-x 1 root root 50276 Dec 17 2003 /sbin/iptables-save
>
> I.e., these programs exist, at least in RHEL 3.


I have just the same.

> My guess is that your iptables-restore program is going through your
> /etc/sysconfig/iptables file and something is wrong with it.



Mine now is like this:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

> Perhaps IPTABLES is not defined in your /etc/rc.d/init.d/iptables file.


IPTABLES=iptables

> Perhaps the PATH when running /etc/rc.d/init.d/iptables does not include
> sbin.


I don't think so, because my error said:
/sbin/iptables-restore: line 8: -A: command not found
That to me means it added "/sbin" by itself when resolving
"$IPTABLES-restore $OPT $IPTABLES_DATA".

> Many things to check.


I know ... but I really can't find a workaround.
Please help.
Bye, Licia.
Copyright 2003 - 2008 webservertalk.com