[Firewall] Tracking down Bad Rule error

Philip A. Prindeville philipp_subx at redfish-solutions.com
Sun Mar 7 22:23:40 CET 2010

My posting on 01/21/2010 answers this very question.

Please check the archives before posting.

On 02/26/2010 08:04 AM, Jon Todaro wrote:
> Am I doing something wrong, or should this command not show the error?
> *[root at gatekeeper:~] TRACE=1 /etc/init.d/arno-iptables-firewall start
> Starting Arno's Iptables Firewall...(1) iptables: Bad rule (does a
> matching rule exist in that chain?).
> done.
> *[root at gatekeeper:~] aptitude show arno-iptables-firewall
> Package: arno-iptables-firewall
> State: installed
> Automatically installed: no
> Version: 1.9.2.a-1
> Priority: optional
> Section: universe/net
> Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com
> <mailto:ubuntu-devel-discuss at lists.ubuntu.com>>
> Uncompressed Size: 831k
> Depends: iptables (>= 1.2.11), gawk, debconf (>= 1.3.22) | cdebconf
> (>= 0.43), debconf (>= 0.5) | debconf-2.0
> Recommends: iproute, lynx, dnsutils
> Description: single- and multi-homed firewall script with DSL/ADSL support
>  Unlike other lean iptables frontends in Debian,
> arno-iptables-firewall will setup and load a secure, restrictive
> firewall by
>  just asking a few question. This includes configuring internal
> networks for internet access via NAT and potential network
>  services (e.g. http or ssh).
>  However, it is in no way restricted to this simple setup. Some catch
> words of additional features, that can be enabled in
>  the well documented configuration file are: DSL/ADSL, Port
> forwarding, DMZ's, portscan detection, MAC address filtering.
> Homepage: http://rocky.eld.leidenuniv.nl/
> *[root at gatekeeper:~]
> I assume my "Bad rule" is coming from a possible kernel module not
> being loaded (however I am using the default Ubuntu 9.10 kernel so I
> am not sure how that could be), but I would at least like to track
> down which module isn't loaded and correct it.

More information about the Firewall mailing list