I've just upgraded a machine to Slackware 14.0, and am having a problem
with my (previously working) firewall rules.
Assuming that my public IP address is 192.168.0.1, and given the following commands:
/usr/sbin/iptables -t filter -N abc.in
/usr/sbin/iptables -t filter -A abc.in -s 10.0.0.0/8 -j DROP
/usr/sbin/iptables -t filter -A abc.in -d 192.168.0.1 -p icmp --icmp-type echo-request -j DROP
/usr/sbin/iptables -t filter -A abc.in -d 192.168.0.1 -p icmp -j ACCEPT
/usr/sbin/iptables -t filter -A abc.in -p tcp --dport domain -j DROP
the first four commands work, creating a filter table called abc.in, and adding rules to DROP packets coming from the 10.0.0.0/8 IP address range, drop ICMP echo-request packets, and to accept all other ICMP.
However, the fifth rule, which (in Slackware 13.0) added a rule to DROP incoming tcp packets destined for domain (my internal caching dns server), no longer compiles with iptables. Instead, I get an "iptables: No chain/target/match by that name" message and a non-zero returncode from iptables.
I've narrowed the problem down to the --dport option; apparently, in my configuration of Slackware 14.0 iptables
(package iptables-1.4.14-i486-2_slack14.0), the destination-port and source-port options cause some sort of error.
Does anyone have a hint at what I should be looking at to fix this?
My goal is to filter by tcp and udp port number, so as to selectively
permit or deny outside access to some of my network services.
Note: this part of my firewall script runs within the confines of the pppoe/pppd ip_up script. The rules really look like...
/usr/sbin/iptables -t filter -N $1.in
/usr/sbin/iptables -t filter -A $1.in -s 10.0.0.0/8 -j DROP
/usr/sbin/iptables -t filter -A $1.in -d $4 -p icmp --icmp-type echo-request -j DROP
/usr/sbin/iptables -t filter -A $1.in -d $4 -p icmp -j ACCEPT
/usr/sbin/iptables -t filter -A $1.in -d $4 -p tcp --dport domain -j DROP
$1 is the name of the interface that the PPP connection was
established on (typically, ppp0)
$4 is the IP address assigned to my end of the PPP connection
(my "public" IP address, as it were)
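An added example, not the poster's ip-up fragment: the same chain as a small POSIX sh script that builds the rules from ip-up's interface and address arguments, writes the port rules with an explicit `-m tcp` / `-m udp` match and numeric port 53, offers a dry-run mode for inspecting the rule list, and probes with a scratch chain whether the kernel accepts a tcp port match before the real chain is built. The script name `fw-chain.sh`, the scratch chain `fwprobe`, and the udp rule are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Builds the per-interface input chain
# from the two ip-up arguments the post describes: $1 = interface, $4 = local IP.
# Run from ip-up as:  sh fw-chain.sh "$1" "$4"   (DRY_RUN=1 prints instead of applying)
IPT=/usr/sbin/iptables

# One rule per line, minus the iptables path, so the list can be inspected first.
# Port rules name the match explicitly (-m tcp / -m udp, the extension that
# -p tcp --dport loads implicitly) and use 53 instead of the "domain" service
# name, so nothing depends on an /etc/services lookup. The udp rule is assumed
# from the poster's stated goal of filtering both tcp and udp ports.
chain_rules() {
    iface=$1; addr=$2
    cat <<EOF
-t filter -N $iface.in
-t filter -A $iface.in -s 10.0.0.0/8 -j DROP
-t filter -A $iface.in -d $addr -p icmp --icmp-type echo-request -j DROP
-t filter -A $iface.in -d $addr -p icmp -j ACCEPT
-t filter -A $iface.in -d $addr -p tcp -m tcp --dport 53 -j DROP
-t filter -A $iface.in -d $addr -p udp -m udp --dport 53 -j DROP
EOF
}

# Number of rules that carry a port match (used as a self-check).
port_rule_count() {
    chain_rules "$1" "$2" | grep -c -- '--dport'
}

# Before touching the real chain, check that the kernel accepts a tcp port
# match at all: add one to a scratch chain (name "fwprobe" is assumed) and
# remove it again. Returns 0 if the rule loads, non-zero otherwise.
probe_tcp_match() {
    $IPT -t filter -N fwprobe 2>/dev/null || return 1
    $IPT -t filter -A fwprobe -p tcp -m tcp --dport 53 -j RETURN 2>/dev/null
    rc=$?
    $IPT -t filter -F fwprobe 2>/dev/null
    $IPT -t filter -X fwprobe 2>/dev/null
    return $rc
}

# Apply (or, with DRY_RUN set, print) every rule; stop at the first failure so
# a half-built chain is noticed rather than silently left in place.
apply_rules() {
    while read -r line; do
        if [ -n "$DRY_RUN" ]; then echo "$IPT $line"; else $IPT $line || return 1; fi
    done <<EOF
$(chain_rules "$1" "$2")
EOF
}
[ $# -ge 2 ] && apply_rules "$1" "$2"
```

Run it once with `DRY_RUN=1` and the real interface and address to see the exact iptables command lines before letting ip-up execute them.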