[Firewall] Tracking down Bad Rule error

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Wed Mar 3 11:36:41 CET 2010


This is probably the error that got fixed after 1.9.2a was released. In 
principle nothing to worry about but in case you really want to get rid 
of it, I'd suggest upgrading to a newer version.

a.

Jon Todaro wrote:
> 
> Am I doing something wrong, or should this command not show the error?
> 
> 
> *[root at gatekeeper:~] TRACE=1 /etc/init.d/arno-iptables-firewall start
> Starting Arno's Iptables Firewall...(1) iptables: Bad rule (does a 
> matching rule exist in that chain?).
> done.
> 
> *[root at gatekeeper:~] aptitude show arno-iptables-firewall
> Package: arno-iptables-firewall
> State: installed
> Automatically installed: no
> Version: 1.9.2.a-1
> Priority: optional
> Section: universe/net
> Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com 
> <mailto:ubuntu-devel-discuss at lists.ubuntu.com>>
> Uncompressed Size: 831k
> Depends: iptables (>= 1.2.11), gawk, debconf (>= 1.3.22) | cdebconf (>= 
> 0.43), debconf (>= 0.5) | debconf-2.0
> Recommends: iproute, lynx, dnsutils
> Description: single- and multi-homed firewall script with DSL/ADSL support
>  Unlike other lean iptables frontends in Debian, arno-iptables-firewall 
> will setup and load a secure, restrictive firewall by
>  just asking a few question. This includes configuring internal networks 
> for internet access via NAT and potential network
>  services (e.g. http or ssh).
> 
>  However, it is in no way restricted to this simple setup. Some catch 
> words of additional features, that can be enabled in
>  the well documented configuration file are: DSL/ADSL, Port forwarding, 
> DMZ's, portscan detection, MAC address filtering.
> Homepage: http://rocky.eld.leidenuniv.nl/
> 
> *[root at gatekeeper:~]
> 
> 
> I assume my "Bad rule" is coming from a possible kernel module not being 
> loaded (however I am using the default Ubuntu 9.10 kernel so I am not 
> sure how that could be), but I would at least like to track down which 
> module isn't loaded and correct it.
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl


More information about the Firewall mailing list