* [gentoo-user] arno-iptables-firewall and kernel-3.4.9-gentoo
From: Mick @ 2012-08-25 7:49 UTC
To: gentoo-user
Hi All,
If you are using Arno's script, can you please check whether you are also
getting errors like these on start up?
===========================================
# /etc/init.d/arno-iptables-firewall start
* Use of the opts variable is deprecated and will be
* removed in the future.
* Please use extra_commands, extra_started_commands or
extra_stopped_commands.
* Loading Firewall... ...
Arno's Iptables Firewall Script v1.9.2d
-------------------------------------------------------------------------------
NOTE: External interface ppp0 does NOT exist (yet?)
Sanity checks passed...OK
Checking/probing IPv4 Iptables modules:
Module check done...
Setting the kernel ring buffer to only log panic messages to the console
Setup kernel settings:
Setting the max. amount of simultaneous connections to 16384
Setting default conntrack timeouts
Enabling protection against source routed packets
DISABLING packet forwarding
Enabling reduction of the DoS'ing ability
Enabling anti-spoof with rp_filter
Enabling SYN-flood protection via SYN-cookies
Disabling the logging of martians
Disabling the acception of ICMP-redirect messages
Setting default TTL=64
Disabling ECN (Explicit Congestion Notification)
Enabling kernel support for dynamic IPs
Flushing route table
Kernel setup done...
Initializing firewall chains
Setting default INPUT/FORWARD policy to DROP
(Re)loading list of BLOCKED hosts from /etc/arno-iptables-firewall/blocked-
hosts...
0 line(s) read. 0 host(s) blocked.
Using loglevel "info" for syslogd
Setting up firewall rules:
-------------------------------------------------------------------------------
Enabling setting the maximum packet size via MSS
Logging of stealth scans (nmap probes etc.) enabled
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
Logging of packets with bad TCP-flags enabled
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
... [snip ...]
Security is ENFORCED for external interface(s) in the FORWARD chain
(1) iptables: No chain/target/match by that name.
Aug 25 7:59:36 WARNING: Not all firewall rules are applied.
* WARNING: Failed to load Firewall [ !! ]
* ERROR: arno-iptables-firewall failed to start
===========================================
They repeat themselves a number of times, usually after "Logging of packets
..." statements. Despite the "failed to start" message above, iptables seems to
have loaded fine:
===========================================
# /sbin/iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 BASE_INPUT_CHAIN all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 INPUT_CHAIN all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 HOST_BLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 SPOOF_CHK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 VALID_CHK all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 EXT_INPUT_CHAIN !icmp -- eth0 * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 EXT_INPUT_CHAIN icmp -- eth0 * 0.0.0.0/0
0.0.0.0/0 state NEW limit: avg 60/sec burst 100
0 0 EXT_ICMP_FLOOD_CHAIN icmp -- eth0 * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 VALID_CHK all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 EXT_INPUT_CHAIN !icmp -- wlan0 * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 EXT_INPUT_CHAIN icmp -- wlan0 * 0.0.0.0/0
0.0.0.0/0 state NEW limit: avg 60/sec burst 100
0 0 EXT_ICMP_FLOOD_CHAIN icmp -- wlan0 * 0.0.0.0/0
0.0.0.0/0 state NEW
[snip ...]
===========================================
I diff'ed the previous kernel-3.3.8-gentoo and the new kernel-3.4.9-gentoo and
I can't see any changes that would cause these errors. I attach it for the
more eagle-eyed amongst you.
Any ideas?
--
Regards,
Mick
[-- Attachment #1.2: diff_oldconfig.txt.bz2 --]
[-- Type: application/x-bzip, Size: 27908 bytes --]
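The post mentions diffing the old and new kernel configs; iptables prints "No chain/target/match by that name" when a rule refers to a chain, target or match extension that is not available. As an added example (not part of the original post or of Arno's script), this script narrows such a config diff to netfilter options that were enabled in the old config and are no longer enabled in the new one. The function names and both sample configs are constructed for illustration and are not taken from the attached diff.

```shell
#!/bin/sh
# Added example, not from the original post: list netfilter options that
# were enabled in an old kernel .config but are no longer enabled in a new one.

# Print the enabled (=y or =m) netfilter-related symbols of a .config, sorted.
nf_enabled() {
    grep -E '^CONFIG_(NETFILTER|NF_|IP_NF_|IP6_NF_)[A-Z0-9_]*=[ym]$' "$1" |
        cut -d= -f1 | LC_ALL=C sort -u
}

# Symbols enabled in $1 (old config) but not enabled in $2 (new config).
# Runs in a subshell so the temporary names do not leak into the caller.
nf_lost() (
    old_list=$(mktemp) || exit 1
    new_list=$(mktemp) || exit 1
    nf_enabled "$1" > "$old_list"
    nf_enabled "$2" > "$new_list"
    LC_ALL=C comm -23 "$old_list" "$new_list"
    rm -f "$old_list" "$new_list"
)

# Constructed sample configs (hypothetical, not taken from the attached diff).
demo() (
    dir=$(mktemp -d) || exit 1
    cat > "$dir/old.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_EXT4_FS=y
EOF
    cat > "$dir/new.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
# CONFIG_NETFILTER_XT_TARGET_LOG is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_EXT4_FS=y
EOF
    nf_lost "$dir/old.config" "$dir/new.config"
    rm -rf "$dir"
)

demo
```

On a real system, call `nf_lost` with the two saved kernel configs; a symbol listed because it was renamed or dropped between kernel versions will not show up as a changed value in a plain `make oldconfig` run.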