On 06/29/2017 07:20 PM, Doug wrote:
>
> On 06/29/2017 09:08 PM, JD wrote:
>>
>>
>> On 06/29/2017 07:48 PM, Doug wrote:
>>>
>>> On 06/29/2017 08:32 PM, JD wrote:
>>>>
>>>>
>>>> On 06/29/2017 07:10 PM, jdow wrote:
>>>>> iptables -t filter -A IN_public_deny -p tcp --dport pop3s --syn -m
>>>>> recent --name pop3s_attack --rcheck --seconds 90 --hitcount 2 -j
>>>>> LOG --log-prefix 'SSH2 REJECT: ' --log-level info
>>>> My iptables replied:
>>>> iptables: No chain/target/match by that name.
>>>>
>>>> How is it created?
>>>
>>> How is WHAT created? I'm snowed!
>>> --doug
>> The CHAIN, Doug.
>> iptables says there is no such chain to add a new rule to.
>>
>> In this case, the chain name is IN_public
>>
>> I tried all capitals for the chain name, to no avail.
> I give up. This is all Greek to me. I just want to get a little security
> from malware.

Just to clarify, firewalld and its various control programs (firewall-config,
et al) are just a mechanism to manipulate iptables. iptables is still the
actual firewall mechanism.

That being said, the "IN_public_deny" iptables chain for the "filter" table is
created by firewalld on startup. By default, the "filter" table in iptables
only has the INPUT, FORWARD and OUTPUT chains. Any new chains must first be
created using "iptables -N new-chain-name" (which firewalld does), then rules
can be added to that chain. You also would need to reference that new chain
somehow from the INPUT chain.

If you're not using firewalld, you'd need to _insert_ Joanne's rule somewhere
in the default INPUT chain before the final "DROP" or "REJECT" lines (not
append it to the end).

If you _are_ using firewalld and are interested in this enough, have a look at
the rules firewalld created by entering (as root):

    iptables -L -n

Also have the firewalld config GUI open so you see the iptables rules map
against firewalld. You'll see that the iptables "filter" table's INPUT chain
references an "INPUT_ZONES" chain. This is the iptables manifestation of the
zones referenced in firewalld. This chain, in turn, references an "IN_public"
chain (which is the actual iptables manifestation of the "public" zone in the
firewalld config). The "IN_public" chain then references the "IN_public_allow"
chain first (which is the iptables manifestation of firewalld's allowed
ports--e.g. the "checked" boxes under "services" and "ports"), then the
"IN_public_deny" chain (which, by default, rejects all connections). Et voilà!

Yes, it's convoluted, but this multiple chain layout is a convenient way to map
iptables rules to a GUI-based firewall manager. I'm sure it could be done
better, but it's really not as bad as it first appears.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340      Yahoo: origrps2      -
-                                                                    -
-   The trouble with troubleshooting is that trouble sometimes       -
-   shoots back.                                                     -
----------------------------------------------------------------------
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
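An added example, not code from this thread and not part of firewalld, that does the chain walk Rick describes mechanically. It reads the rule-spec listing ("iptables -S", which carries the same information as the "iptables -L -n" Rick suggests, in a form that is easier to parse), prints the nesting from INPUT down through INPUT_ZONES, IN_public, IN_public_allow and IN_public_deny, reports the rule number of the first DROP/REJECT in INPUT (the rule a hand-inserted jump has to land in front of), and emits the standalone, non-firewalld version of jdow's pop3s rule in its own chain. The embedded ruleset is a constructed, trimmed approximation of a firewalld filter table; the chain name pop3s_guard, the 'POP3S REJECT: ' log prefix, the extra "recent --set" and "limit" rules and the IPT dry-run variable are this example's own choices, not jdow's. Real chain order and where the final REJECT sits differ by firewalld version, so run walk_chains against "iptables -S" on the box in question rather than trusting the sample.

```shell
#!/bin/bash
# Added example (not from the thread): map the chain nesting firewalld
# builds, find where a custom rule has to be inserted, and emit the
# standalone (no-firewalld) form of the pop3s brute-force rule.
#
# SAMPLE_RULES is a constructed, trimmed approximation of the filter table
# firewalld builds for the "public" zone.  Against a live box, as root:
#     walk_chains "$(iptables -S)" INPUT
set -e

SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N INPUT_ZONES
-N INPUT_direct
-N IN_public
-N IN_public_allow
-N IN_public_deny
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT_ZONES -i eth0 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_allow
-A IN_public -j IN_public_deny
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 995 -m conntrack --ctstate NEW -j ACCEPT'

# Targets (-j or -g; firewalld uses -g for zone chains) of the rules appended
# to chain $2 in ruleset $1, in rule order.
chain_targets() {
    printf '%s\n' "$1" | awk -v c="$2" '
        $1 == "-A" && $2 == c {
            for (i = 3; i <= NF; i++)
                if ($i == "-j" || $i == "-g") print $(i + 1)
        }'
}

# True if $2 is a user-defined chain (declared with -N) in ruleset $1.
is_user_chain() {
    printf '%s\n' "$1" | grep -q "^-N $2\$"
}

# Print the chain tree reachable from chain $2 in ruleset $1, indented by
# depth.  Built-in verdicts (ACCEPT/DROP/REJECT/...) are shown in brackets so
# you can see where a packet finally dies.
walk_chains() {
    _walk "$1" "$2" ""
}
_walk() {
    local rules chain indent t
    rules=$1; chain=$2; indent=$3
    printf '%s%s\n' "$indent" "$chain"
    for t in $(chain_targets "$rules" "$chain"); do
        if is_user_chain "$rules" "$t"; then
            _walk "$rules" "$t" "$indent  "
        else
            printf '%s  [%s]\n' "$indent" "$t"
        fi
    done
}

# Rule number, as "iptables -I CHAIN N" counts it, of the first DROP/REJECT
# rule in chain $2 of ruleset $1.  Inserting at N puts the new rule in front
# of it; appending (-A) would land behind it and never match.  Prints 0 if
# the chain has no terminal reject rule.
first_reject_pos() {
    printf '%s\n' "$1" | awk -v c="$2" '
        $1 == "-A" && $2 == c {
            n++
            for (i = 3; i <= NF; i++)
                if (($i == "-j" || $i == "-g") &&
                    ($(i + 1) == "DROP" || $(i + 1) == "REJECT")) {
                    print n; found = 1; exit
                }
        }
        END { if (!found) print 0 }'
}

# Standalone version of the pop3s rule for a box WITHOUT firewalld: create
# our own chain (name is this example's choice), hook it into INPUT before
# the final reject rule, then fill the chain.  Port 995 is used instead of
# the "pop3s" service name so it does not depend on /etc/services.
# IPT defaults to "echo iptables" (dry run); set IPT=iptables and run as
# root to apply.
standalone_rules() {
    local rules pos
    rules=$1
    : "${IPT:=echo iptables}"
    pos=$(first_reject_pos "$rules" INPUT)
    [ "$pos" -gt 0 ] || pos=1          # no reject rule yet: just go first
    $IPT -t filter -N pop3s_guard
    $IPT -t filter -I INPUT "$pos" -p tcp --dport 995 --syn -j pop3s_guard
    # record every new SYN from the source, then log and reject a second one
    # within 90 s; the LOG is rate-limited so a flood cannot fill the journal
    $IPT -t filter -A pop3s_guard -m recent --name pop3s_attack --set
    $IPT -t filter -A pop3s_guard -m recent --name pop3s_attack --rcheck --seconds 90 --hitcount 2 \
        -m limit --limit 5/min -j LOG --log-prefix 'POP3S REJECT: ' --log-level info
    $IPT -t filter -A pop3s_guard -m recent --name pop3s_attack --rcheck --seconds 90 --hitcount 2 \
        -j REJECT --reject-with tcp-reset
}

main() {
    echo "== chain nesting from INPUT =="
    walk_chains "$SAMPLE_RULES" INPUT
    echo "== first DROP/REJECT in INPUT is rule #$(first_reject_pos "$SAMPLE_RULES" INPUT) =="
    echo "== standalone rules (dry run) =="
    standalone_rules "$SAMPLE_RULES"
}
main
```

With firewalld running, leave standalone_rules alone: firewalld owns INPUT and rewrites it on reload, so anything inserted there with bare iptables disappears. In the sample, INPUT_direct is the chain firewalld's direct interface (firewall-cmd --direct --add-rule ipv4 filter ...) feeds, which is the supported way to get a "recent" match like jdow's into a firewalld-managed table.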