1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

csf iptables problem

Discussion in 'General Discussion' started by Haloweb, Sep 9, 2006.

  1. Haloweb

    Haloweb Member

    Joined:
    Jul 2, 2004
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    Hi Everyone

    I am installing csf however I get the following iptable error, please can someone tell me what it means

    Code:
    Error: iptables command [/sbin/iptables -v -I OUTPUT 2 -i eth0 -j GDENY] failed, at line 383
     
  2. mctDarren

    mctDarren Member

    Joined:
    Jan 6, 2004
    Messages:
    668
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    Is iptables installed in the kernel? Is this a VPS? OS you are running?
     
  3. Haloweb

    Haloweb Member

    Joined:
    Jul 2, 2004
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    Hi

    Its a dedicated box not a VPS and it seems like IP tables is installed
    I can start and stop it and perform the various other commands, I am
    running AMD 64 Athlon 3200 CentOS 4 OS
     
    #3 Haloweb, Sep 9, 2006
    Last edited: Sep 9, 2006
  4. Haloweb

    Haloweb Member

    Joined:
    Jul 2, 2004
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    well I thought the problem was more IP tables / cpanel realted rather than
    chirpys script hence I asked here
     
  5. brianoz

    brianoz Active Member

    Joined:
    Mar 13, 2004
    Messages:
    1,152
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    It's pretty pointless asking here, you need to ask the author of csf, chirpy.
     
  6. chirpy

    chirpy Super Moderator

    Joined:
    Jun 15, 2002
    Messages:
    13,499
    Likes Received:
    14
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed. I've been tied up until now and it's quicker to comtact me directly if you find a problem. It's a bug in the script and will be fixed in the next release due out today.
     
  7. jimmshepard

    jimmshepard New Member

    Joined:
    Aug 14, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    Same Problem

    Flushing chain `INPUT'
    Flushing chain `FORWARD'
    Flushing chain `OUTPUT'
    ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
    ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
    LOG tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
    LOG tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* '
    LOG udp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
    LOG udp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* '
    LOG icmp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
    LOG icmp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
    DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
    DROP all opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
    DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x00
    DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x03/0x03
    DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x06/0x06
    DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x05/0x05
    DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x11/0x01
    DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x18/0x08
    DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x30/0x20
    DROP all opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
    DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x00
    DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x03/0x03
    DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x06/0x06
    DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x05/0x05
    DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x11/0x01
    DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x18/0x08
    DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x30/0x20
    DSHIELD all opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0
    SPAMHAUS all opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0
    REJECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 reject-with icmp-port-unreachable
    iptables: No chain/target/match by that name
    ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 OWNER UID match 0
    Flushing chain `INPUT'
    Flushing chain `FORWARD'
    Flushing chain `OUTPUT'
    Flushing chain `DSHIELD'
    Flushing chain `LOGDROP'
    Flushing chain `SPAMHAUS'
    Deleting chain `DSHIELD'
    Deleting chain `LOGDROP'
    Deleting chain `SPAMHAUS'
    Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 469


    ...Done
     
  8. chirpy

    chirpy Super Moderator

    Joined:
    Jun 15, 2002
    Messages:
    13,499
    Likes Received:
    14
    Trophy Points:
    38
    Location:
    Go on, have a guess
    No, that's a different problem - it suggest you don't have all the required iptables modules available in your kernel.
     

Share This Page