IPChains Question (compatibility mode on kernel 2.4.x)

From: Bill Tihen (bill_at_tasis.ch)
Date: 05/09/03

Next message: SB CH: "how to check current backlog queue size(against synflood)"

Previous message: Jaeson Schultz: "RE: Martian Source"
Next in thread: Kurt Seifried: "Re: IPChains Question (compatibility mode on kernel 2.4.x)"
Reply: Kurt Seifried: "Re: IPChains Question (compatibility mode on kernel 2.4.x)"
Reply: Sebastian Muniz: "Re: IPChains Question (compatibility mode on kernel 2.4.x)"
Reply: Glynn Clements: "Re: IPChains Question (compatibility mode on kernel 2.4.x)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 9 May 2003 13:50:45 +0200 (CEST)
To: <focus-linux@securityfocus.com>

I am using RH90. From my (limited) understanding the following IPchain
should work (all my rules based on tcp, udp & icmp work).

-A input -i eth0 -p ddp --dport rtmp -j ACCEPT
#-A input -i eth0 -p ddp --dport zip -j ACCEPT
#-A input -i eth0 -p ddp --dport nbp -j ACCEPT
#-A input -i eth0 -p ddp --dport echo -j ACCEPT
#-A input -i eth0 -p ddp -s 172.25.0.0/16 --dport rtmp -j ACCEPT
#-A input -i eth0 -p ddp -s 172.25.0.0/16 --dport zip -j ACCEPT
#-A input -i eth0 -p ddp -s 172.25.0.0/16 --dport nbp -j ACCEPT
#-A input -i eth0 -p ddp -s 172.25.0.0/16 --dport echo -j ACCEPT

I get the following error(s):

[root@enet root]# /etc/rc.d/init.d/ipchains restart
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying ipchains firewall rules: /sbin/ipchains: can only specify ports for
icmp, tcp or udp
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
ipchains command -A input -i eth0 -p ddp --dport rtmp -j ACCEPT failed
This is /sbin/ipchains-restore v1.1.2
If this is the latest version of ipchains-restore, and the input
was created using the latest version of ipchains-save, then I'd
really appreciate a bug report. Please send the input you used,
and all the output from this program to the author,
`ipchains@rustcorp.com' with `BUG-REPORT' in the subject
line so I know to read the message.

Apologies for the inconvenience,
Paul ``Rusty'' Russell.

Any ideas on what I could do to fix this?

PS -- ipchains@rustcorp.com doesn't work.

My entire chain set is attached below incase some thing is dependent:

-------------------------------------------
TASIS -- The American School in Switzerland
CH-6926 Montagnola-Lugano Switzerland
E-mail: administration@tasis.ch
Phone: +41-91-960-5151
Fax: +41-91-994-2364
http://www.tasis.ch/

application/octet-stream attachment: ipchains-enet

Next message: SB CH: "how to check current backlog queue size(against synflood)"

Previous message: Jaeson Schultz: "RE: Martian Source"
Next in thread: Kurt Seifried: "Re: IPChains Question (compatibility mode on kernel 2.4.x)"
Reply: Kurt Seifried: "Re: IPChains Question (compatibility mode on kernel 2.4.x)"
Reply: Sebastian Muniz: "Re: IPChains Question (compatibility mode on kernel 2.4.x)"
Reply: Glynn Clements: "Re: IPChains Question (compatibility mode on kernel 2.4.x)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]