[Firewall] Something about v1.9.2j

Dmitry pmf026 at int13.ru
Wed Mar 3 13:19:10 CET 2010

Here's my 'ip link show':

where eth0 is my ISP's LAN (external net), eth1 is my LAN (internal 
net), eth2 is DMZ (my wlan) and ppp25 is internet (via eth0, external)

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:80:48:4e:28:27 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:80:48:4e:27:fb brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:fc:c1:5e:00 brd ff:ff:ff:ff:ff:ff
229: ppp25: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1460 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp

Weird. Link state "UNKNOWN", I don't get it... why? Any help will be 
appreciated. I think some module is missing... it's been running like 
this for almost 4 or 5 years xD

I'm running GNU/Linux Debian Lenny 5.0 (2.6.26-2-686).

Arno van Amersfoort wrote:
> Thanks for reporting the uninstall bug. I've fixed it.
> About the non existing interface errors. Mind posting the output of 
> "ip link show" ?
> Are you sure the firewall is started AFTER the network has been 
> brought up?
> And about the space/comma thing in variables. Most of the time both 
> work. Rule of thumb is that space separation should be used when 
> you want to group certain rules when using e.g. interface restrictions 
> (which most ppl don't). For variables that only take interfaces, both 
> spaces & commas are fine.
> a.
> Dmitry wrote:
>> Ok, I've upgraded from v1.9.2a to the latest build..
>> Uninstall.sh has mistaken Y/N answers.. so No = Yes, and Yes = No... 
>> Do you want to uninstall? I press Y, and script takes it as No.
>> and when I run the script I see this:
>> *************
>> Arno's Iptables Firewall Script v1.9.2j
>> ------------------------------------------------------------------------------- 
>> Sanity checks passed...OK
>> NOTE: External interface eth0 does NOT exist (yet?)
>> NOTE: External interface ppp25 does NOT exist (yet?)
>> NOTE: Internal interface eth1 does NOT exist (yet?)
>> NOTE: DMZ interface eth2 does NOT exist (yet?)
>> *************
>> But all those interfaces are up and running. Everything is working 
>> well, but it's a little bit confusing...
>> And a question, sometimes it says (in comments) that multiple 
>> interfaces should be space separated and sometimes comma separated... 
>> which separation method should I use?
>> Thank you.
>> Sincerely yours,
>> Dmitry.
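
An added example, not part of the original thread and not code from Arno's script: one way to test whether configured interfaces exist without relying on the reported link state, run over the `ip link show` output posted above. The function names, the `LINK_DATA` variable and `wlan0` are assumptions made for illustration.

```shell
# Constructed sample: the interface header lines from the 'ip link show' output
# above, one line per interface (the layout 'ip -o link show' produces).
SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
229: ppp25: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1460 qdisc pfifo_fast state UNKNOWN qlen 3'

# link_lines: print the link table. Uses $LINK_DATA when set (offline runs),
# otherwise asks the kernel through iproute2.
link_lines() {
    if [ -n "${LINK_DATA:-}" ]; then
        printf '%s\n' "$LINK_DATA"
    else
        ip -o link show
    fi
}

# iface_status NAME: prints "missing", "down" or "up".
# Existence is an exact match on the name field; "up" comes from the UP flag
# inside <...>, never from the "state" word, which reads UNKNOWN above.
iface_status() {
    link_lines | awk -v want="$1" '
        {
            name = $2; sub(/:$/, "", name)   # "eth0:" becomes "eth0"
            sub(/@.*$/, "", name)            # "eth0.10@eth0" becomes "eth0.10"
            if (name != want) next
            flags = $3; gsub(/[<>]/, "", flags)
            n = split(flags, f, ",")
            st = "down"
            for (i = 1; i <= n; i++) if (f[i] == "UP") st = "up"
            print st; found = 1; exit
        }
        END { if (!found) print "missing" }'
}

# missing_ifaces LIST: prints each listed interface that does not exist.
# LIST may be space separated, comma separated, or a mix of both.
missing_ifaces() {
    for i in $(printf '%s' "$1" | tr ',' ' '); do
        if [ "$(iface_status "$i")" = "missing" ]; then printf '%s\n' "$i"; fi
    done
}

# Demo on the sample: only the interface that is really absent is reported.
LINK_DATA=$SAMPLE
missing_ifaces "eth0,ppp25 eth1 eth2 wlan0"    # prints: wlan0
```

Unset `LINK_DATA` to run the same checks against the live system, for instance just before the firewall rules are loaded.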
