[gentoo-user] arno-iptables-firewall and kernel-3.4.9-gentoo
From: Mick @ 2012-08-25  7:49 UTC
  To: gentoo-user



Hi All,

Can you please check, if you are using arno's script, whether you are also
getting errors like these on startup?
===========================================
 # /etc/init.d/arno-iptables-firewall start
 * Use of the opts variable is deprecated and will be
 * removed in the future.
 * Please use extra_commands, extra_started_commands or extra_stopped_commands.
 * Loading Firewall... ...
Arno's Iptables Firewall Script v1.9.2d
-------------------------------------------------------------------------------
NOTE: External interface ppp0 does NOT exist (yet?)
Sanity checks passed...OK
Checking/probing IPv4 Iptables modules:
 Module check done...
Setting the kernel ring buffer to only log panic messages to the console
Setup kernel settings:
 Setting the max. amount of simultaneous connections to 16384
 Setting default conntrack timeouts
 Enabling protection against source routed packets
 DISABLING packet forwarding
 Enabling reduction of the DoS'ing ability
 Enabling anti-spoof with rp_filter
 Enabling SYN-flood protection via SYN-cookies
 Disabling the logging of martians
 Disabling the acception of ICMP-redirect messages
 Setting default TTL=64
 Disabling ECN (Explicit Congestion Notification)
 Enabling kernel support for dynamic IPs
 Flushing route table
 Kernel setup done...
Initializing firewall chains
 Setting default INPUT/FORWARD policy to DROP
(Re)loading list of BLOCKED hosts from /etc/arno-iptables-firewall/blocked-hosts...
 0 line(s) read. 0 host(s) blocked.
Using loglevel "info" for syslogd

Setting up firewall rules:
-------------------------------------------------------------------------------
Enabling setting the maximum packet size via MSS
Logging of stealth scans (nmap probes etc.) enabled
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
Logging of packets with bad TCP-flags enabled
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
... [snip ...]

Security is ENFORCED for external interface(s) in the FORWARD chain
(1) iptables: No chain/target/match by that name.

Aug 25  7:59:36 WARNING: Not all firewall rules are applied.
 * WARNING: Failed to load Firewall                                [ !! ]
 * ERROR: arno-iptables-firewall failed to start
===========================================

They repeat themselves a number of times, usually after "Logging of packets
..." statements.  Despite the "failed to start" message above, iptables seems to
have loaded fine:
===========================================
# /sbin/iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 BASE_INPUT_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 INPUT_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 HOST_BLOCK  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 SPOOF_CHK  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 VALID_CHK  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 EXT_INPUT_CHAIN !icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 EXT_INPUT_CHAIN  icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0            state NEW limit: avg 60/sec burst 100
    0     0 EXT_ICMP_FLOOD_CHAIN  icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 VALID_CHK  all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0
    0     0 EXT_INPUT_CHAIN !icmp --  wlan0  *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 EXT_INPUT_CHAIN  icmp --  wlan0  *       0.0.0.0/0            0.0.0.0/0            state NEW limit: avg 60/sec burst 100
    0     0 EXT_ICMP_FLOOD_CHAIN  icmp --  wlan0  *       0.0.0.0/0            0.0.0.0/0            state NEW
[snip ...]
===========================================


I diff'ed the previous kernel-3.3.8-gentoo and the new kernel-3.4.9-gentoo and
I can't see any changes that would cause these errors.  I attach it for the
more eagle-eyed amongst you.

Any ideas?
-- 
Regards,
Mick

[-- Attachment #1.2: diff_oldconfig.txt.bz2 --]
[-- Type: application/x-bzip, Size: 27908 bytes --]

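An added diagnostic, not part of Mick's post or of arno-iptables-firewall: iptables prints "No chain/target/match by that name" when it asks the kernel for a match or target extension that the running kernel does not provide, so after a kernel upgrade the first thing to check is whether the netfilter options behind the features the script uses (state, limit, TCPMSS, LOG) are still enabled in the new .config. The option names and the sample config below are assumptions, not taken from Mick's attached diff.

```shell
#!/bin/sh
# Added example: check a kernel .config for the netfilter options that the
# firewall output above depends on. Option names follow the 3.x Kconfig
# layout and are an assumption; adjust for the kernel you actually run.

# Options behind the features named in the firewall's output (assumed list).
REQUIRED_OPTS="
CONFIG_NETFILTER_XT_MATCH_STATE
CONFIG_NETFILTER_XT_MATCH_LIMIT
CONFIG_NETFILTER_XT_TARGET_TCPMSS
CONFIG_NETFILTER_XT_TARGET_LOG
"

# missing_netfilter_opts CONFIG_FILE
# Prints each required option that is neither =y nor =m in CONFIG_FILE.
missing_netfilter_opts() {
    cfg=$1
    for opt in $REQUIRED_OPTS; do
        if ! grep -Eq "^${opt}=(y|m)$" "$cfg"; then
            echo "$opt"
        fi
    done
}

# Constructed sample config: everything present except the LOG target.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
# CONFIG_NETFILTER_XT_TARGET_LOG is not set
EOF

# For the running kernel, point this at /usr/src/linux/.config or at a
# decompressed copy of /proc/config.gz instead of the sample file.
missing_netfilter_opts "$SAMPLE_CFG"
rm -f "$SAMPLE_CFG"
```

Each option the script prints corresponds to one extension iptables will refuse with exactly the message seen above, so an empty result means the errors come from somewhere other than the kernel config.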
