
iptables syntax problems



Well, here are some problems I've been having with a script I'm attempting to 
implement as a firewall. 

First the variables, which appear to be fine, but here they are for better 
understanding.

#!/bin/sh

INTERNET="eth0"                 # internet connected interface
LOOPBACK_INTERFACE="lo"         # l00p back0r
IPADDR="not.giving.out.on.the.mailing.list"          # your ip address
MY_ISP="not.giving.out.on.the.mailing.list/22"         # your ISP address range
LOOPBACK="127.0.0.0/8"          # l00p0r address range
CLASS_A="10.0.0.0/8"          # Class a private networks
CLASS_B="172.16.0.0/12"         # Class b private networks
CLASS_C="192.168.0.0/16"        # Class c private networks
CLASS_D_MULTICAST="224.0.0.0/4" # Class d multicast networks
CLASS_E_RESERVED_NET="240.0.0.0/5" # Class e reserved addresses
BROADCAST_SRC="0.0.0.0"         # broadcast source address
BROADCAST_DEST="255.255.255.255" # Broadcast destination address
PRIVPORTS="0:1023"              # well-known privileged port range
UNPRIVPORTS="1024:65535"        # unprivileged port range
NAMESERVER="not.giving.out.on.the.mailing.list"     # dns
XWINDOW_PORTS="6000:6063"
NFS_PORT="2049"
POP_SERVER="not.giving.out.on.mailing.list."
SOCKS_PORT="1080"
OPENWINDOWS_PORT="2000"
SQUID_PORT="3128"
LOCKD_PORT="4045"
SSH_PORTS="1020:65535"
DHCP_SERVER="not.giving.out.on.mailing.list"


#this rule has a syntax problem
#Bad argument `1024:65535'
#iptables -A OUTPUT -o $INTERNET -p tcp \
#         -s $IPADRR --sport $UNPRIVPORTS \
#         -d $NAMESERVER --dport 53 -j ACCEPT

#these rules have syntax problems
#Bad argument `53'
#iptables -A OUTPUT -o $INTERNET -p udp \
#         -s $IPADRR --sport 53 \
#         -d $NAMESERVER --dport 53 -j ACCEPT
#iptables -A INPUT -i $INTERNET -p udp \
#         -s $NAMESERVER --sport 53 \
#         -d $IPADRR --dport 53 -j ACCEPT

#this rule has a syntax problem
#Bad argument `1024:65535'
#iptables -A OUTPUT -o $INTERNET -p tcp \
#         -s $IPADRR --sport $UNPRIVPORTS \
#         --dport 113 -j ACCEPT

#these two rules have syntax problems Bad argument `1024:65535'
#iptables -A OUTPUT -o $INTERNET -p tcp \
#         -s $IPADRR --sport $UNPRIVPORTS \
#         -d $POP_SERVER --dport 110 -j ACCEPT
#iptables -A INPUT -i $INTERNET -p tcp ! --syn \
#         -s $POP_SERVER --sport 110 \
#         -d $IPADRR --dport $UNPRIVPORTS -j ACCEPT

#both rules have a syntax error of Bad argument '22'
#iptables -A OUTPUT -o $INTERNET -p tcp \
#         -s $IPADDR --sport $SSH_PORTS\
#         -dport 22 -j ACCEPT
#iptables -A INPUT -i $INTERNET -p tcp ! --syn \
#         -sport 22 \
#         -d $IPADDR --dport $SSH_PORTS -j ACCEPT

#syntax error: can't use -D with -A
#iptables -A OUTPUT -o $INTERNET -p udp \
#         -s $IPADDR --sport 68 \
#         -D $DHCP_SERVER --dport 67 -j ACCEPT

#syntax error Bad argument '67'
#iptables -A INPUT -i $INTERNET -p udp \
#         -s $DHCP_SERVER --sport 67 \
#         -d $IPADDR --dport 68 -j ACCEPT


-- 
-Ross
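An added example, not part of Ross's post or his script, that pins down where the three kinds of error come from and wraps iptables in a lint step that catches them. The rules that fail with Bad argument on the word after `-s $IPADRR` use a variable that is never set (the script defines IPADDR, the rules say IPADRR): the empty expansion vanishes, `-s` swallows `--sport` as its value, and the port range is left over as a bare word, which is exactly what iptables complains about. The SSH rules use `-dport` and `-sport` with a single dash, which getopt reads as `-d port` / `-s port`, leaving `22` over in the same way. The DHCP OUTPUT rule uses `-D` (delete) where `-d` (destination) is meant. The last INPUT rule reports the word after `$DHCP_SERVER` as bad, which is the same signature as the IPADRR cases, so the real value of that variable in the script (an assumption, since the post substitutes a placeholder) is worth checking too. Addresses in the block are constructed RFC 5737 placeholders; `lint_rule`, `rule` and the helper names are mine, not iptables or Debian tooling; by default IPTABLES is set to `echo iptables`, so the block prints what it would run instead of touching the firewall.

```shell
#!/bin/sh
# Added example, not Ross's script: lint an iptables argument list before
# running it. The post's errors come from three things:
#  1. $IPADRR was never set ($IPADDR was), so it expands to nothing and
#     "-s $IPADRR --sport 1024:65535" reaches iptables as "-s --sport
#     1024:65535"; -s takes "--sport" as its value and the bare "1024:65535"
#     gives "Bad argument `1024:65535'".
#  2. "-dport 22" / "-sport 22" have one dash; getopt reads "-d port" and
#     "22" is left over: "Bad argument `22'".
#  3. "-D" is the delete command, not the destination match "-d".
# Addresses are constructed placeholders (RFC 5737 documentation ranges).

INTERNET="eth0"
IPADDR="192.0.2.10"
NAMESERVER="198.51.100.53"
DHCP_SERVER="192.0.2.1"
UNPRIVPORTS="1024:65535"
SSH_PORTS="1020:65535"

# Dry run by default: "echo iptables" prints the argv each rule would get.
# Run as root with IPTABLES=iptables to load the rules for real.
IPTABLES="${IPTABLES:-echo iptables}"

# lint_rule: 0 when the argument list looks sane, 1 (message on stderr) otherwise.
lint_rule() {
    expect_value=0; prev=""; cmd=""   # expect_value: previous word takes a value
    for arg in "$@"; do
        if [ "$expect_value" -eq 1 ]; then
            case "$arg" in
                "") echo "lint: '$prev' got an empty value (unset variable?)" >&2; return 1 ;;
                -*) echo "lint: '$prev' has no value; next word is '$arg'" \
                         "(did a misspelled variable expand to nothing?)" >&2; return 1 ;;
            esac
            expect_value=0
        else
            case "$arg" in
                -A|-D|-I)
                    [ -z "$cmd" ] || { echo "lint: '$arg' after '$cmd' (meant -d?)" >&2; return 1; }
                    cmd="$arg"; expect_value=1 ;;
                -[A-Za-z]??*)
                    echo "lint: '$arg' has one dash; long options need two" >&2; return 1 ;;
                -s|-d|-i|-o|-p|-j|--sport|--dport)
                    expect_value=1 ;;
                -*|'!') ;;   # other flags such as --syn pass through unchecked
                *)  echo "lint: stray word '$arg' (iptables: Bad argument \`$arg')" >&2
                    return 1 ;;
            esac
        fi
        prev="$arg"
    done
    [ "$expect_value" -eq 0 ] || { echo "lint: '$prev' is missing its value" >&2; return 1; }
}

# rule: lint the argument list, then hand it to iptables unchanged.
rule() {
    lint_rule "$@" || return 1
    $IPTABLES "$@"
}

# What the shell actually handed to iptables for three rules from the post
# (reconstructed from the error messages; the vanished $IPADRR is simply absent).
broken_dns_rule() {
    lint_rule -A OUTPUT -o "$INTERNET" -p tcp -s --sport "$UNPRIVPORTS" \
              -d "$NAMESERVER" --dport 53 -j ACCEPT
}
broken_ssh_rule() {
    lint_rule -A OUTPUT -o "$INTERNET" -p tcp -s "$IPADDR" --sport "$SSH_PORTS" \
              -dport 22 -j ACCEPT
}
broken_dhcp_rule() {
    lint_rule -A OUTPUT -o "$INTERNET" -p udp -s "$IPADDR" --sport 68 \
              -D "$DHCP_SERVER" --dport 67 -j ACCEPT
}

# With "set -u" the shell rejects the misspelled name itself instead of letting
# an empty expansion turn into a puzzling iptables error. Returns 0 if it did.
unset_var_is_fatal() {
    if ( set -u; : "$IPADRR" ) 2>/dev/null; then return 1; else return 0; fi
}

# The post's DNS, SSH and DHCP rules with names and dashes corrected.
corrected_rules() {
    rule -A OUTPUT -o "$INTERNET" -p tcp -s "$IPADDR" --sport "$UNPRIVPORTS" \
         -d "$NAMESERVER" --dport 53 -j ACCEPT &&
    rule -A OUTPUT -o "$INTERNET" -p tcp -s "$IPADDR" --sport "$SSH_PORTS" \
         --dport 22 -j ACCEPT &&
    rule -A INPUT -i "$INTERNET" -p tcp ! --syn --sport 22 \
         -d "$IPADDR" --dport "$SSH_PORTS" -j ACCEPT &&
    rule -A OUTPUT -o "$INTERNET" -p udp -s "$IPADDR" --sport 68 \
         -d "$DHCP_SERVER" --dport 67 -j ACCEPT &&
    rule -A INPUT -i "$INTERNET" -p udp -s "$DHCP_SERVER" --sport 67 \
         -d "$IPADDR" --dport 68 -j ACCEPT
}

corrected_rules
```

Run it as-is to see the dry-run argv of each corrected rule; as root with `IPTABLES=iptables` the same `rule` calls load them. In the real script, quoting every variable (`"$IPADDR"`) and putting `set -u` near the top turns a misspelled name into a shell error at the offending line instead of a Bad argument from iptables; `lint_rule` additionally rejects an empty value, for the case where a variable is set but blank.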

