I am having trouble with IPTables. My rules are having trouble handling the "-m state --state ESTABLISHED" option. The error I get is "iptables: No chain/target/match by that name". Any ideas? Here is my script below.
#!/bin/bash
# http://www.cs.princeton.edu/~jns/security/iptables/index.html
# Prepared by James C. Stephens
# ([EMAIL PROTECTED])
#
# These lines are here in case rules are already in place and the script is ever rerun on the fly.
# We want to remove all rules and pre-existing user defined chains and zero the counters
# before we implement new rules.
iptables -F
iptables -X
iptables -Z

# Set up a default DROP policy for the built-in chains.
# If we modify and re-run the script mid-session then (because we have a default DROP
# policy), what happens is that there is a small time period when packets are denied until
# the new rules are back in place. There is no period, however small, when packets we
# don't want are allowed.
# NOTE: the three policies below are currently set to ACCEPT, not DROP as described above.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

## ===========================================================
## Some definitions:
IFACE="eth0"
IPADDR="209.150.196.220"
LO="lo"
NAMESERVER_1="209.150.200.15"
NAMESERVER_2="209.150.200.10"
NAMESERVER_3="64.65.128.6"
BROADCAST="209.150.196.255"
LOOPBACK="127.0.0.0/8"
CLASS_A="10.0.0.0/8"
CLASS_B="172.16.0.0/12"
CLASS_C="192.168.0.0/16"
CLASS_D_MULTICAST="224.0.0.0/4"
CLASS_E_RESERVED_NET="240.0.0.0/5"
P_PORTS="0:1023"
UP_PORTS="1024:65535"
TR_SRC_PORTS="32769:65535"
TR_DEST_PORTS="33434:33523"
## ============================================================

# RULES
echo "Start Rules"

## LOOPBACK
# Allow unlimited traffic on the loopback interface.
iptables -A INPUT -i $LO -j ACCEPT
iptables -A OUTPUT -o $LO -j ACCEPT

echo -n "Allow DNS servers incoming traffic..."
## DNS
# NOTE: DNS uses tcp for zone transfers, for transfers greater than 512 bytes (possible, but unusual), and on certain
# platforms like AIX (I am told), so you might have to add a copy of this rule for tcp if you need it.
# Allow UDP packets in for DNS client from nameservers.
iptables -A INPUT -i $IFACE -p udp -s $NAMESERVER_1 --sport 53 -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -i $IFACE -p udp -s $NAMESERVER_2 --sport 53 -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -i $IFACE -p udp -s $NAMESERVER_3 --sport 53 -m state --state ESTABLISHED -j ACCEPT
# Allow UDP packets to DNS servers from client.
#iptables -A OUTPUT -o $IFACE -p udp -d $NAMESERVER_1 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o $IFACE -p udp -d $NAMESERVER_2 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o $IFACE -p udp -d $NAMESERVER_3 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
echo "done"

bash# ./test.firewall
Start Rules
Allow DNS servers incoming traffic...iptables: No chain/target/match by that name
done
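"No chain/target/match by that name" on a rule that uses -m state means the kernel has no "state" match extension loaded (the ipt_state/xt_state module, which needs connection tracking), not that the rule is mistyped. The script below is an added example, not part of the original post: it checks /proc/net/ip_tables_matches for the match before a firewall script relies on it. The file and module names are real; the two sample listings are constructed.

```shell
#!/bin/sh
# Diagnose whether the iptables "state" match is usable on this kernel.
# /proc/net/ip_tables_matches lists one loaded match extension per line.

# match_available NAME LISTING -> exit 0 if NAME is a whole line of LISTING
match_available() {
    name=$1
    listing=$2
    printf '%s\n' "$listing" | grep -qx "$name"
}

# Constructed sample: a kernel where only the basic protocol matches are loaded.
SAMPLE_WITHOUT_STATE='udp
tcp
icmp'

# Constructed sample: the same kernel after the state module was loaded.
SAMPLE_WITH_STATE='state
conntrack
udp
tcp
icmp'

# check_state_match: read the live listing, try to load the module if the
# match is missing, and report. Returns 0 when "-m state" will work.
check_state_match() {
    f=/proc/net/ip_tables_matches
    if [ ! -r "$f" ]; then
        echo "cannot read $f: ip_tables not loaded, or not a Linux netfilter kernel"
        return 2
    fi
    if match_available state "$(cat "$f")"; then
        echo "state match already present"
        return 0
    fi
    # Older kernels call the module ipt_state, newer ones xt_state; try both.
    modprobe ipt_state 2>/dev/null || modprobe xt_state 2>/dev/null
    if match_available state "$(cat "$f")"; then
        echo "state match loaded by modprobe; run the firewall script now"
        return 0
    fi
    echo "state match unavailable: kernel built without the state match / conntrack"
    return 1
}

# Only probe the live kernel when asked to (needs root on Linux).
if [ "${1:-}" = "--live" ]; then
    check_state_match
fi
```

Run it as root with the --live argument before the firewall script; a 0 exit means the -m state rules will load, and 1 means the kernel (or its module set) lacks the match and the script's state-based rules cannot be used until it is added.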