Haloweb

Well-Known Member
Jul 2, 2004
88
0
156
Hi Everyone

I am installing csf however I get the following iptable error, please can someone tell me what it means

Code:
Error: iptables command [/sbin/iptables -v -I OUTPUT 2 -i eth0 -j GDENY] failed, at line 383
 

Haloweb

Well-Known Member
Jul 2, 2004
88
0
156
Hi

Its a dedicated box not a VPS and it seems like IP tables is installed
I can start and stop it and perform the various other commands, I am
running AMD 64 Athlon 3200 CentOS 4 OS
 
Last edited:

Haloweb

Well-Known Member
Jul 2, 2004
88
0
156
well I thought the problem was more IP tables / cpanel realted rather than
chirpys script hence I asked here
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,465
30
473
Go on, have a guess
Indeed. I've been tied up until now and it's quicker to comtact me directly if you find a problem. It's a bug in the script and will be fixed in the next release due out today.
 

jimmshepard

Member
Aug 14, 2003
19
0
151
Chicago
Same Problem

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
LOG tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG udp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG icmp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x00
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x03/0x03
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x06/0x06
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x05/0x05
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x11/0x01
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x18/0x08
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x30/0x20
DROP all opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x00
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x03/0x03
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x06/0x06
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x05/0x05
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x11/0x01
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x18/0x08
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x30/0x20
DSHIELD all opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0
SPAMHAUS all opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0
REJECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 reject-with icmp-port-unreachable
iptables: No chain/target/match by that name
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 OWNER UID match 0
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `DSHIELD'
Flushing chain `LOGDROP'
Flushing chain `SPAMHAUS'
Deleting chain `DSHIELD'
Deleting chain `LOGDROP'
Deleting chain `SPAMHAUS'
Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 469


...Done
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,465
30
473
Go on, have a guess
No, that's a different problem - it suggest you don't have all the required iptables modules available in your kernel.