[plug] Adding new rule iptables

Andrew Barbara andrew at mailerdirect.net
Thu Aug 14 22:51:58 WST 2003


Hi Jon,
Firstly, the LOG rules need to be before the DROP rules.
Secondly, all the LOG rules have no "-p" before tcp, and to my knowledge 
you need to tell it what to limit it to... "-m limit --limit 5/minute" - 
Maybe you don't, but that's how I do it.

Regards
Andrew Barbara

On Thu, 14 Aug 2003, Jon Miller wrote:

> I'm trying to add a new rule to an existing firewall rule script.  Isn't the format the following?
> $IPT -N Virus_blocks
> $IPT -A Virus_blocks -p tcp --dport 69 -j DROP
> $IPT -A Virus_blocks -p tcp --dport 135 -j DROP
> $IPT -A Virus_blocks -p tcp --dport 4444 -j DROP
> $IPT -A Virus_blocks -tcp --dport 69 -m limit -j LOG\--log-prefix "Blaster scan"
> $IPT -A Virus_blocks -tcp --dport 135 -m limit -j LOG\--log-prefix "Blaster scan"
> $IPT -A Virus_blocks -tcp --dport 4444 -m limit -j LOG\--log-prefix "Blaster scan"
> 
> If so, what could cause this to create an error :
> iptables: No chain/target/match by that name
> 
> Yet when entered from the command line it goes in without any issues.  I've done a complete flushing of all the rules (INPUT, FORWARD, OUTPUT, NetMeeting, Virus_Blocks) and re-ran the script.
> 
> Thanks
> 
> Jon L. Miller, MCNE, CNS
> Director/Sr Systems Consultant
> MMT Networks Pty Ltd
> http://www.mmtnetworks.com.au
> 
> "I don't know the key to success, but the key to failure
>  is trying to please everybody." -Bill Cosby
> 

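Jon's Virus_blocks chain with the two points from the reply applied (LOG placed before DROP for each port, "-p tcp" and an explicit "--limit" on every LOG rule), as an added example that is not part of either message. It assumes a dry run with IPT=echo so it can be exercised without root, and a small check_order helper (hypothetical, not an iptables feature) that flags a DROP rule sitting in front of the LOG rule for the same port:

```shell
#!/bin/sh
# Added example: builds the Virus_blocks chain in the order the reply describes.
# IPT defaults to "echo" (dry run, prints the rules); set IPT=iptables to apply.
IPT="${IPT:-echo}"
PORTS="69 135 4444"   # ports from the original post

build_virus_blocks() {
    $IPT -N Virus_blocks
    for port in $PORTS; do
        # LOG first: a packet that matches DROP is gone before a later LOG rule
        # could see it, so the log rule must come first. "-p tcp" is required
        # for --dport, and --limit caps the log rate (rate chosen here as an example).
        $IPT -A Virus_blocks -p tcp --dport "$port" -m limit --limit 5/minute \
            -j LOG --log-prefix "Blaster scan: "
        $IPT -A Virus_blocks -p tcp --dport "$port" -j DROP
    done
}

# check_order: reads rule lines on stdin (the dry-run output above, or the
# output of "iptables -S Virus_blocks") and returns 1 if, for any port, a DROP
# rule appears before a LOG rule for that same port; returns 0 otherwise.
check_order() {
    awk '
        /-j DROP/ { for (i = 1; i <= NF; i++) if ($i == "--dport" && !seen[$(i+1)]) bad = 1 }
        /-j LOG/  { for (i = 1; i <= NF; i++) if ($i == "--dport") seen[$(i+1)] = 1 }
        END { exit bad ? 1 : 0 }'
}
```

Running the dry run through check_order confirms the corrected ordering; feeding it the post's original order (DROP rules first) makes it exit non-zero.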