Hi,
> Trying the script mentioned on the page.
> Can't get it to work
>
> The line:
>
> iptables -t mangle -A OUTPUT -p tcp -s 192.168.5.66/32 -d 0.0.0.0/0
> --dport telnet -j 3-Tier_rules
>
> gives:
>
> iptables: Invalid argument
> iptables v1.2.9: Couldn't load target
> `3-Tier_rules':/lib/iptables/libipt_3-Tier_rules.so: cannot open shared
> object file: No such file or directory
>
> The chain exists:
>
> Chain 3-Tier_rules (0 references)
> target prot opt source destination
Well, in which table does it exist? It looks like the 3-Tier_rules is in the
filter table and thus cannot be jumped at. Test on my local system:
ld00:~# iptables --version
iptables v1.2.9
ld00:~# iptables -t mangle -N 3-Tier_rules
ld00:~# iptables -t mangle -A OUTPUT -p tcp -s 192.168.5.66/32 -d 0.0.0.0/0 --dport telnet -j 3-Tier_rules
ld00:~# iptables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
3-Tier_rules tcp -- 192.168.5.66 0.0.0.0/0 tcp dpt:23
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain 3-Tier_rules (1 references)
target prot opt source destination
ld00:~#
Works like a charm. Could you check if the script always specifies the table
with '-t' or if the author just assumed that if you don't specify it, it
will be the correct table?
<bitching ahead>
IMHO this is one of the most braindead features of the iptables command line
parser, which is to allow the user to drop the '-t filter' if you handle the
filter table. It's so extremely anti-structured-programming-like that it hurts
my head every time I have to write a shell script for iptables ;).
</bitching ahead>
Cheers,
ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
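As an added example (not part of ratz's mail, nor of the script the original poster was running): a small static check that applies the rule explained above to an iptables shell script. For every `iptables` line it records the table (`-t`, defaulting to `filter` exactly as the iptables parser does), notes chains created with `-N`, and reports any `-j` into a user-defined chain that lives in a different table. The function name `check_tables` and the embedded sample script are constructed for this example.

```shell
#!/bin/sh
# Added example: lint an iptables script for cross-table jumps.
# Not from the original mail; check_tables and SAMPLE are constructed here.

# Constructed sample script reproducing the mismatch from the thread:
# 3-Tier_rules is created without -t (so in filter), then jumped to from mangle.
SAMPLE='iptables -N 3-Tier_rules
iptables -t mangle -A OUTPUT -p tcp -s 192.168.5.66/32 -d 0.0.0.0/0 --dport telnet -j 3-Tier_rules
iptables -t mangle -N ok_chain
iptables -t mangle -A PREROUTING -j ok_chain
iptables -A INPUT -j ACCEPT'

# check_tables: reads an iptables script on stdin and prints one line per
# jump whose target chain was created in a different table.
# Lines without "iptables" and comment lines are ignored; a missing -t
# means "filter", mirroring what the iptables command line parser assumes.
check_tables() {
    awk '
    /^[ \t]*#/ { next }
    $0 !~ /iptables/ { next }
    {
        table = "filter"; newchain = ""; jump = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-t" || $i == "--table") table = $(i + 1)
            else if ($i == "-N" || $i == "--new-chain") newchain = $(i + 1)
            else if ($i == "-j" || $i == "--jump") jump = $(i + 1)
        }
        if (newchain != "") created[newchain] = table
        if (jump != "") { jumps[NR] = jump; jtable[NR] = table }
    }
    END {
        # Walk lines in order so the report is deterministic.
        for (n = 1; n <= NR; n++) {
            if (!(n in jumps)) continue
            c = jumps[n]
            if (c in created && created[c] != jtable[n])
                printf "line %d: -j %s in table %s, but chain was created in table %s\n", n, c, jtable[n], created[c]
        }
    }'
}

# Run the check over the constructed sample.
printf '%s\n' "$SAMPLE" | check_tables
```

Built-in targets such as ACCEPT are never created with `-N`, so they are left alone; only user-defined chains are compared against the table they were created in.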