[Firewall] Errors when starting Arno's firewall script

Philip A. Prindeville philipp_subx at redfish-solutions.com
Fri Jan 22 07:40:42 CET 2010


Same answer I gave a couple of weeks ago.  Run:

% TRACE=1 arno-iptables-firewall start

This will capture the commands it would have run into a file.

You can then run that file as:

bash -x /tmp/aifXXXXXXX

and see which commands are generating errors.

-Philip


On 01/21/2010 02:00 AM, Thomas Seilund wrote:
> Dear All,
>
> I installed Arno's firewall script (I had to install package iproute2 otherwise install.sh complains that binary ip does not exist)
>
> When I call /etc/init.d/arno-iptables-firewall start I first get a lot of errors about modules not found, assuming compiled in. That is ok.
>
> But then I get messages like this:
>
> >>
> Disabling ECN (Explicit Congestion Notification)
>  Set kernel parameter net.ipv4.tcp_ecn=0
>  Set kernel parameter net.ipv4.ip_dynaddr=0
>  Set kernel parameter net.ipv4.ip_no_pmtu_disc=0
> Flushing route table
>  Set kernel parameter net.ipv4.route.flush=1
> Kernel setup done...
> Initializing firewall chains
> Setting all default policies to DROP while "setting up firewall rules"
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
> Using loglevel "info" for syslogd
>
> Setting up firewall rules:
> -------------------------------------------------------------------------------
> Enabling setting the maximum packet size via MSS
> Enabling mangling TOS
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
>
> <<
>
> The message "/sbin/iptables: (1) iptables: No chain/target/match by that name." is in red text!
>
> I don't get any other messages in red text besides a lot of "/sbin/iptables: (1) iptables: No chain/target/match by that name."
>
> Finally I get:
>
> >>
> Security is ENFORCED for external interface(s) in the FORWARD chain
>  /sbin/iptables: (1) iptables: No chain/target/match by that name.
>
> Jan 21 10:49:01 WARNING: Not all firewall rules are applied.
> p600 arno-iptables-firewall_1.9.2h #
> (reverse-i-search)`emer': ^Cerge -av iproute2
> p600 arno-iptables-firewall_1.9.2h # /etc/init.d/arno-iptables-firewall start
> Arno's Iptables Firewall Script v1.9.2h
> -------------------------------------------------------------------------------
> Sanity checks passed...OK
> Checking/probing IPv4 Iptables modules:
> /sbin/modprobe ip_tables: Module not found! Assuming compiled-in-kernel!
> <<
>
> In /var/log/messages I get:
>
> >>
> Jan 21 10:48:52 p600 firewall: ** Starting Arno's Iptables Firewall v1.9.2h **
> Jan 21 10:49:01 p600 firewall: ** WARNING: Not all firewall rules are applied **
> <<
>
> I feel insecure getting the message "** WARNING: Not all firewall rules are applied **"
>
> Why do I get these messages?
>
> Any help would be appreciated.
>
> Thanks
>
> Thomas S
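To make the second step of Philip's suggestion easier to read, here is an added helper (not from the thread or the arno-iptables-firewall project) that pairs each "No chain/target/match by that name" error in the combined `bash -x /tmp/aifXXXXXXX 2>&1` output with the iptables command that produced it, and lists the `-m`/`-j` extension names those commands use, since those are the extensions whose kernel module or userspace library is most likely missing. The trace lines below are a constructed sample, not a real capture.

```shell
#!/bin/sh
# Added example (not from the thread). Feed it the combined stdout+stderr
# of "bash -x /tmp/aifXXXXXXX 2>&1": with -x, bash prints each command as
# a "+ " line before running it, so an iptables error belongs to the most
# recent "+ " line above it.

# Constructed sample of bash -x output (not a real capture).
SAMPLE='+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables: No chain/target/match by that name.
+ /sbin/iptables -t mangle -A OUTPUT -p tcp --dport 22 -j TOS --set-tos Minimize-Delay
iptables: No chain/target/match by that name.
+ /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

# Print the command (without the "+ " prefix) that precedes each
# "No chain/target/match by that name" error line.
failing_commands() {
    awk '
        /^\+ / { last = substr($0, 3); next }
        /No chain\/target\/match by that name/ { if (last != "") print last }
    '
}

# From the failing commands, collect the names given to -m (match) and
# -j (target), de-duplicated and sorted. Each of these is a candidate for
# a missing ipt_/xt_ kernel module or libipt_/libxt_ userspace library.
suspect_extensions() {
    failing_commands | awk '
        { for (i = 1; i < NF; i++) if ($i == "-m" || $i == "-j") seen[$(i+1)] = 1 }
        END { for (k in seen) print k }
    ' | LC_ALL=C sort
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | suspect_extensions
```

On a real capture, replace the sample with `failing_commands < trace.log` and compare the reported names against `lsmod` and the modules the script said it "assumed compiled-in".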
