Linode Community Forums
PostPosted: Thu May 17, 2012 9:04 pm 
Senior Newbie

Joined: Thu May 17, 2012 7:24 pm
Posts: 7
Hi,

I'm trying to edit my iptables but am getting an error when I try to restart the service...

I've pasted the commands and output here: http://paste.linode.com/6689

The rule seems to save and apply ok but the error always comes up when I restart the service

Appreciate any help you guys can give with this :D, thanks


Last edited by linod3 on Thu May 17, 2012 9:12 pm, edited 1 time in total.

PostPosted: Thu May 17, 2012 9:10 pm 
Senior Member

Joined: Thu Nov 24, 2011 12:46 pm
Posts: 139
Location: Mesa AZ
Should have just added it to your other thread...

Not a CentOS guy... but a quick Google showed:

The issue you are experiencing with iptables is happening due to paravirt kernel having a "security" chain compiled into it, and the default "iptables" init script included with CentOS does not know how to handle it. You can resolve this issue by downloading an amended version of the "iptables" init script.

_________________
Kevin a.k.a. Dweeber


PostPosted: Thu May 17, 2012 9:17 pm 
Senior Newbie

Joined: Thu May 17, 2012 7:24 pm
Posts: 7
Thanks for the reply Dweeber

The paste on http://epoxie.net/12023.txt doesn't exist though.

I tried chmodding the iptables file anyway and restarting the service, but the error still comes up...


PostPosted: Thu May 17, 2012 9:31 pm 
Senior Member

Joined: Thu Nov 24, 2011 12:46 pm
Posts: 139
Location: Mesa AZ
I updated my post apparently after you saw it. I don't have a link to the updated init script, but it should be on one of the CentOS forums.

_________________
Kevin a.k.a. Dweeber


PostPosted: Thu May 17, 2012 10:29 pm 
Senior Member

Joined: Tue Apr 13, 2004 6:54 pm
Posts: 833
Ignore the error, it's not important. It's just a consequence of not using the vendor kernel. It still works.

Code:
# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ssh-drop  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 recent: UPDATE seconds: 60 hit_count: 5 name: ssh side: source
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 recent: SET name: ssh side: source

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain ssh-drop (1 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 2/min burst 5 LOG flags 0 level 4 prefix `FIREWALL:SSH-DROPPED '
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

# service iptables restart
Flushing firewall rules:                                             [  OK  ]
Setting chains to policy ACCEPT: security raw nat mangle filter      [FAILED]
Unloading iptables modules:                                          [  OK  ]
Applying iptables firewall rules:                                    [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_ns         [FAILED]

# iptables -L -n         
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ssh-drop  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 recent: UPDATE seconds: 60 hit_count: 5 name: ssh side: source
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 recent: SET name: ssh side: source

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain ssh-drop (1 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 2/min burst 5 LOG flags 0 level 4 prefix `FIREWALL:SSH-DROPPED '
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)


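The two posts above make a claim worth checking on your own box: the init script's "Setting chains to policy ACCEPT" step fails only because the Linode kernel exposes a `security` table the stock CentOS script has no case for, and the rules are still applied afterwards. The script below is an added example written for this thread; it is not the CentOS init script, the epoxie.net patch, or anything posted by the participants. It walks the tables the running kernel actually lists in `/proc/net/ip_tables_names` (the assumed source of table names, one per line) and emits a policy command for each built-in chain, treating `security` like `filter`, and then checks that every `-A` rule from a saved iptables-save file is present in a live dump. The file names and the rule set are constructed sample data modelled on the ruleset shown above, so it runs without root or a real firewall; on a real host you would point `policy_plan` at `/proc/net/ip_tables_names` and `rules_match` at `/etc/sysconfig/iptables` and the output of `iptables-save`.

```shell
#!/bin/bash
# Added example for the thread above, not code from the CentOS init script.
#
# builtin_chains TABLE       -> built-in chains of an iptables table
# policy_plan NAMES POLICY   -> "iptables -t T -P CHAIN POLICY" for every table
#                               listed in NAMES (normally /proc/net/ip_tables_names)
# rules_match SAVED LIVE     -> 0 if every -A rule in SAVED is present in LIVE
#
# Assumption: NAMES lists one table per line, as /proc/net/ip_tables_names does
# on Linux 2.6+. All files used below are constructed sample data.

# The security table carries the same three chains as filter. The stock script
# of the time had no case for it, which is the FAILED line in the thread.
builtin_chains() {
    case "$1" in
        filter|security) echo "INPUT FORWARD OUTPUT" ;;
        nat)             echo "PREROUTING POSTROUTING OUTPUT" ;;
        mangle)          echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)             echo "PREROUTING OUTPUT" ;;
        *)               echo "" ;;   # unknown table: nothing to set, not an error
    esac
}

# Emit one policy command per built-in chain of each table the kernel lists.
policy_plan() {
    local names="$1" policy="$2" table chain
    while IFS= read -r table; do
        [ -n "$table" ] || continue
        for chain in $(builtin_chains "$table"); do
            echo "iptables -t $table -P $chain $policy"
        done
    done < "$names"
}

# Succeed only if every -A line of the saved file $1 appears verbatim in the
# live dump $2. Counters, comments, *table and COMMIT lines are ignored, since
# those legitimately differ between the saved file and iptables-save output.
rules_match() {
    grep '^-A' "$1" | while IFS= read -r rule; do
        grep -Fxq -e "$rule" "$2" || exit 1   # a saved rule is not live
    done
}

# --- demonstration on constructed data --------------------------------------
work=$(mktemp -d)
printf 'security\nraw\nnat\nmangle\nfilter\n' > "$work/ip_tables_names"
cat > "$work/saved" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ssh-drop - [0:0]
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m recent --update --seconds 60 --hitcount 5 --name ssh --rsource -j ssh-drop
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m recent --set --name ssh --rsource
-A ssh-drop -m limit --limit 2/min --limit-burst 5 -j LOG --log-prefix "FIREWALL:SSH-DROPPED "
-A ssh-drop -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
# A constructed "live" dump, as iptables-save would print after the restart.
{ echo '# Generated by iptables-save (constructed)'; grep '^-A' "$work/saved"; } > "$work/live"
# And a broken one with the REJECT rule missing, to show the check failing.
grep -v 'REJECT' "$work/live" > "$work/live_missing"

echo "policy commands for the tables this kernel lists:"
policy_plan "$work/ip_tables_names" ACCEPT
rules_match "$work/saved" "$work/live" && echo "all saved rules are live"
rules_match "$work/saved" "$work/live_missing" || echo "a saved rule is missing from the live ruleset (expected for the broken dump)"
rm -rf "$work"
```

On a real host the useful sequence is `iptables-save > /tmp/before; service iptables restart; iptables-save > /tmp/after; rules_match /etc/sysconfig/iptables /tmp/after`, which turns "it still works" into something you can verify rather than trust.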
PostPosted: Fri May 18, 2012 4:00 pm 
Senior Newbie

Joined: Thu May 17, 2012 7:24 pm
Posts: 7
Thanks for the reply sweh, appreciate the help!

Good to know it's not a 'real' error...

Any way to suppress it though, me no like errors!!!


PostPosted: Fri May 18, 2012 4:03 pm 
Sysop

Joined: Sat Nov 27, 2010 3:32 am
Posts: 180
Website: https://blog.timheckman.net/
Location: San Francisco, CA
This should do the needful:

Code:
cd /etc/init.d/
cp iptables ~/iptables.backup
wget http://epoxie.net/14857.txt
patch -p1 < 14857.txt   # if prompted, specify /etc/init.d/iptables as the file to be patched
rm 14857.txt


-Tim

