
Problem with IPTables



I am having trouble with IPTables.  My rules are having trouble handling
"-m state --state ESTABLISHED" options.  The error I get is
"iptables: No chain/target/match by that name".  Any ideas?  Here is my
script below.

#!/bin/bash
#
# http://www.cs.princeton.edu/~jns/security/iptables/index.html
# Prepared by James C. Stephens
# (jns@gfdl.noaa.gov)
#
# These lines are here in case rules are already in place and the script is ever rerun on the fly.
# We want to remove all rules and pre-existing user defined chains and zero the counters
# before we implement new rules.
iptables -F
iptables -X
iptables -Z

# Set up a default DROP policy for the built-in chains.
# If we modify and re-run the script mid-session then (because we have a default DROP
# policy), what happens is that there is a small time period when packets are denied until
# the new rules are back in place. There is no period, however small, when packets we
# don't want are allowed.
# NOTE: as posted, the three policies below are set to ACCEPT, not DROP.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

## ===========================================================
## Some definitions:
IFACE="eth0"
IPADDR="209.150.196.220"
LO="lo"
NAMESERVER_1="209.150.200.15"
NAMESERVER_2="209.150.200.10"
NAMESERVER_3="64.65.128.6"
BROADCAST="209.150.196.255"
LOOPBACK="127.0.0.0/8"
CLASS_A="10.0.0.0/8"
CLASS_B="172.16.0.0/12"
CLASS_C="192.168.0.0/16"
CLASS_D_MULTICAST="224.0.0.0/4"
CLASS_E_RESERVED_NET="240.0.0.0/5"
P_PORTS="0:1023"
UP_PORTS="1024:65535"
TR_SRC_PORTS="32769:65535"
TR_DEST_PORTS="33434:33523"

## ============================================================
# RULES
echo "Start Rules"

## LOOPBACK
# Allow unlimited traffic on the loopback interface.
iptables -A INPUT  -i $LO -j ACCEPT
iptables -A OUTPUT -o $LO -j ACCEPT

echo -n "Allow DNS servers incoming traffic..."

## DNS
# NOTE: DNS uses tcp for zone transfers, for transfers greater than 512 bytes (possible, but unusual),
# and on certain platforms like AIX (I am told), so you might have to add a copy of this rule
# for tcp if you need it.
# The "-m state" match used below needs connection-tracking support in the kernel (the state
# match extension and the conntrack module); if the kernel lacks it, iptables reports
# "No chain/target/match by that name" for the rule.
# Allow UDP packets in for DNS client from nameservers.
iptables -A INPUT -i $IFACE -p udp -s $NAMESERVER_1 --sport 53 -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -i $IFACE -p udp -s $NAMESERVER_2 --sport 53 -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -i $IFACE -p udp -s $NAMESERVER_3 --sport 53 -m state --state ESTABLISHED -j ACCEPT
# Allow UDP packets to DNS servers from client.
#iptables -A OUTPUT -o $IFACE -p udp -d $NAMESERVER_1 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o $IFACE -p udp -d $NAMESERVER_2 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o $IFACE -p udp -d $NAMESERVER_3 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

echo "done"

bash# ./test.firewall
Start Rules
Allow DNS servers incoming traffic...iptables: No chain/target/match by that name
done
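An added diagnostic, written for this page and not part of the original post or of James Stephens' script: "No chain/target/match by that name" is what iptables prints when the kernel cannot supply the match or target a rule names, here the "state" match, which depends on connection tracking. The script below lists every "-m" match extension a firewall script uses (skipping commented-out rules) and checks each against a /proc/modules listing. The module-name mapping ("state" or "conntrack" to xt_state, ipt_state, xt_conntrack or ipt_conntrack; any other match to xt_NAME or ipt_NAME), the sample firewall script and the sample module listing are all assumptions constructed for the example.

```shell
#!/bin/bash
# Added example, not from the original post: pre-flight check that the kernel
# modules behind an iptables script's "-m" matches are loaded.
# Module-name mapping is an assumption: "state"/"conntrack" -> xt_state, ipt_state,
# xt_conntrack or ipt_conntrack; any other match -> xt_NAME or ipt_NAME.

# Print each match extension used via "-m NAME" in a script, deduplicated,
# ignoring commented-out lines.
script_matches() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -oE -e '-m[[:space:]]+[a-z_]+' \
        | awk '{ print $2 }' \
        | sort -u
}

# Report OK or MISSING for one match name against a /proc/modules-style file.
match_status() {
    local match=$1 modules=$2 pattern
    case $match in
        state|conntrack) pattern='^(xt_state|ipt_state|xt_conntrack|ipt_conntrack) ' ;;
        *)               pattern="^(xt_$match|ipt_$match) " ;;
    esac
    if grep -qE "$pattern" "$modules"; then
        echo OK
    else
        echo MISSING
    fi
}

# Count the matches whose module is not loaded (0 means the script should load cleanly).
missing_count() {
    local script=$1 modules=$2 n=0 m
    for m in $(script_matches "$script"); do
        if [ "$(match_status "$m" "$modules")" = MISSING ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Human-readable report: one line per match plus the total still missing.
report() {
    local script=$1 modules=$2 m
    for m in $(script_matches "$script"); do
        printf '%-12s %s\n' "$m" "$(match_status "$m" "$modules")"
    done
    echo "missing: $(missing_count "$script" "$modules")"
}

# Constructed sample inputs (not the poster's real system): a script using the
# "state" and "multiport" matches, and a module listing where only multiport is loaded.
SAMPLE_SCRIPT=$(mktemp)
cat > "$SAMPLE_SCRIPT" <<'EOF'
#!/bin/bash
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -p tcp -m limit --limit 3/min -j LOG
iptables -A INPUT -p tcp -m multiport --dports 22,80 -j ACCEPT
EOF

SAMPLE_MODULES=$(mktemp)
cat > "$SAMPLE_MODULES" <<'EOF'
xt_multiport 16384 1 - Live 0xffffffffc0a00000
ip_tables 32768 1 iptable_filter, Live 0xffffffffc0a10000
x_tables 49152 3 xt_multiport,iptable_filter,ip_tables, Live 0xffffffffc0a20000
EOF

report "$SAMPLE_SCRIPT" "$SAMPLE_MODULES"
```

On a real box you would run `report ./test.firewall /proc/modules`; a MISSING line names the extension whose module to modprobe (or whose kernel option to enable) before rerunning the firewall script. Two caveats: a match compiled into the kernel rather than built as a module never appears in /proc/modules even though the rule works, and the listing only shows what is loaded right now. The definitive check for one extension is to ask iptables itself, for example `iptables -m state --help`, which prints the state match's options only if the kernel supports it.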
