#1
28th June 2012, 00:57
lanceq
Junior Member
Join Date: Dec 2011
Posts: 7

ISPConfig and iptables rules

Hello,
I want to add a few rules to my iptables; in addition, it should log the DROP IPs to /var/log/messages.
Unfortunately, only a few of the large list of rules are added to iptables (ISPConfig -> Monitor -> Show Iptables).

Here are all my rules:

Code:
iptables *filter
iptables :INPUT DROP [0:0]
iptables :FORWARD DROP [0:0]
iptables :OUTPUT ACCEPT [0:0]
iptables :ch - [0:0]
 
# loopback
iptables -A INPUT -i lo -j ACCEPT
 
# login packet
iptables -A INPUT -p tcp -m tcp --dport 7171 --tcp-flags FIN,SYN,RST,PSH,ACK,URG PSH,ACK -m length --length 191 -j ch
# logout packet
iptables -A INPUT -p tcp -m tcp --dport 7172 --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,ACK -m recent --set --name login --rsource
 
# drop banned clients
iptables -A INPUT -m recent --rcheck --seconds 600 --name ban --rsource -j DROP
 
# accept established
iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
 
# ban over 24 connections
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 24 --connlimit-mask 32 -m recent --set --name ban --rsource -j DROP
 
# IP-specific bans, 1 line per IP
#iptables -A INPUT -s 186.211.32.3 -j DROP
 
# HTTP
iptables -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
 
# loginserver and gameserver
iptables -A INPUT -p tcp -m tcp --dport 7171 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit ! --connlimit-above 2 --connlimit-mask 32 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 7172 --tcp-flags FIN,SYN,RST,ACK SYN -m recent --rcheck --seconds 30 --name login --rsource -j ACCEPT
 
# DNS
iptables -A INPUT -p udp -m state --state ESTABLISHED -m udp --sport 53 -j ACCEPT
 
# NTP
#iptables -A INPUT -p udp -m state --state ESTABLISHED -m udp --sport 123 -j ACCEPT
 
# SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 
# ban UDP, not very useful!
iptables -A INPUT -p udp -m recent --set --name ban --rsource -j DROP
 
# accept login
iptables -A ch -m recent --set --name login --rsource -j ACCEPT
#logging
iptables -A INPUT -i $if_ext -p all -j LOG --log-prefix " - FIREWALL: dropped -> "
And only those rules have been added.

Code:
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT 
-A INPUT -p udp -m state --state ESTABLISHED -m udp --sport 53 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
When I execute this script I receive a lot of errors:

Code:
Bad argument `*filter'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `:INPUT'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `:FORWARD'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `:OUTPUT'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `:ch'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.8: Couldn't load target `ch':/lib/xtables/libipt_ch.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Bad argument `COMMIT'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `all'
Try `iptables -h' or 'iptables --help' for more information.
root@s2:/etc/init.d# sh firewall.sh
Bad argument `*filter'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `:INPUT'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `:FORWARD'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `:OUTPUT'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `:ch'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.8: Couldn't load target `ch':/lib/xtables/libipt_ch.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Bad argument `all'
Try `iptables -h' or 'iptables --help' for more information.
and ifconfig, because I don't know whether I entered a good network:
Code:
root@s2:/etc/init.d# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:36780 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36780 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:30657328 (29.2 MiB)  TX bytes:30657328 (29.2 MiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:345186 errors:0 dropped:0 overruns:0 frame:0
          TX packets:248992 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:427749317 (407.9 MiB)  TX bytes:34822662 (33.2 MiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:91.204.162.161  P-t-P:91.204.162.161  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
Could you help me to fix these rules?

Last edited by lanceq; 28th June 2012 at 01:03.
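The errors above come from three things: iptables-restore syntax (`*filter`, `:INPUT DROP [0:0]`, `COMMIT`) is being passed line by line to the `iptables` command, which only understands `-A`/`-N`-style arguments; `$if_ext` is never set, so `-i` swallows `-p` and the leftover `all` is reported as a bad argument; and because the `:ch` line was rejected, the `ch` chain never exists when `-j ch` and `-A ch` refer to it. Below is the same ruleset rewritten as a proper restore file, plus an offline checker for exactly those mistakes, as an added example that is not lanceq's script. It assumes `venet0` is the external interface (taken from the ifconfig output) and `fw_rules`/`fw_check` are hypothetical names.

```shell
# Same ruleset as an iptables-restore file: no "iptables" prefix, ":ch" declares
# the chain before "-j ch"/"-A ch" use it, COMMIT closes the table. Assumed
# external interface from the ifconfig output: venet0 (override via IF_EXT).
IF_EXT="${IF_EXT:-venet0}"

fw_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ch - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7171 --tcp-flags FIN,SYN,RST,PSH,ACK,URG PSH,ACK -m length --length 191 -j ch
-A INPUT -p tcp -m tcp --dport 7172 --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,ACK -m recent --set --name login --rsource
-A INPUT -m recent --rcheck --seconds 600 --name ban --rsource -j DROP
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 24 --connlimit-mask 32 -m recent --set --name ban --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7171 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit ! --connlimit-above 2 --connlimit-mask 32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7172 --tcp-flags FIN,SYN,RST,ACK SYN -m recent --rcheck --seconds 30 --name login --rsource -j ACCEPT
-A INPUT -p udp -m state --state ESTABLISHED -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m recent --set --name ban --rsource -j DROP
-A ch -m recent --set --name login --rsource -j ACCEPT
-A INPUT -i $IF_EXT -j LOG --log-prefix "FIREWALL: dropped -> "
COMMIT
EOF
}

# Offline check before "fw_rules | iptables-restore": "-A"/"-j" may only name
# builtin targets or chains declared with ":NAME" above, "-i" needs a real
# interface after it, no "iptables" prefix, table must end in COMMIT (exit 0).
fw_check() {
    awk '
    /^\*/       { next }
    /^:/        { chains[substr($1, 2)] = 1; next }
    /^iptables/ { print "line " NR ": iptables prefix"; bad = 1; next }
    /^COMMIT$/  { committed = 1; next }
    $1 == "-A" && !($2 in chains) { print "line " NR ": unknown chain " $2; bad = 1 }
    {
        for (i = 1; i < NF; i++) {
            if ($i == "-i" && $(i + 1) ~ /^-/) { print "line " NR ": empty -i"; bad = 1 }
            if ($i == "-j" && $(i + 1) !~ /^(ACCEPT|DROP|REJECT|LOG|RETURN)$/ && !($(i + 1) in chains)) {
                print "line " NR ": unknown target " $(i + 1); bad = 1
            }
        }
    }
    END { if (!committed) { print "missing COMMIT"; bad = 1 }; exit bad + 0 }'
}
```

The seven "No chain/target/match by that name" errors match the seven `-m recent` / `-m connlimit` rules, which need the xt_recent and xt_connlimit kernel modules; inside a container (venet0 is an OpenVZ interface) those come from the host kernel, and since iptables-restore applies the whole table atomically, those lines must be removed or the modules made available before the file loads at all. The checker above deliberately does not judge match modules, because only `iptables -m recent -h` on the target kernel can.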