-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of John A. Sullivan III
Sent: Tuesday, March 08, 2005 5:19 PM
To: Veena Etcell
Cc: Netfilter users list
Subject: RE: Adding variables to iptables file

On Tue, 2005-03-08 at 21:36 +1100, Veena Etcell wrote:
> Ahh... The format of the example is skewiff.
>
> It should read:
> # Generated by iptables-save v1.2.11 on Mon Mar 7 22:18:56 2005
> EXT_INTERFACE="eth0"
> *filter
> ....
>
> EXT_INTERFACE="eth0" being the variable noted in the original email.
>
> Regards
>
> -----Original Message-----
> From: R. DuFresne [mailto:dufresne@xxxxxxxxxxx]
> Sent: Tuesday, 8 March 2005 9:31 PM
> To: Veena Etcell
> Subject: Re: Adding variables to iptables file
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> What variable? <inline>
>
> On Tue, 8 Mar 2005, Veena Etcell wrote:
>
> > Hi,
> >
> > I am hoping someone can help with the following:
> > I am at a point where I require advice/direction with regards to adding
> > variables (manually or otherwise) to a standard iptables file.
> > I am not sure how to add them/where to add them or the syntax that is
> > required.
> >
> > In the example below I have manually added one variable (Line 2) to see
> > what would happen to /etc/sysconfig/iptables (Redhat FC3 install).
> >
> > When I iptables-restore < /etc/sysconfig/iptables I get "error at line 2
> > failed"
> >
> >
> > # Generated by iptables-save v1.2.11 on Mon Mar 7 22:18:56 2005
> > EXT_INTERFACE="eth0"
> > *filter
> >
> *filter is not a variable, basically what you are doing is creating a
> shell script, so variables are declared as they are in a shell script;;
>
> var=something
> <snip>
>Hmmm . . . perhaps I am misinformed but I thought one could not use a
>variable in a file passed to iptables-restore although one can use them
>in a regular script which uses the iptables command. Of course,
>iptables-restore is the way to go for loading large rule sets.

This may not be related, but I'm also getting this error. I upgraded from iptables-1.2.8-12.3 to iptables-1.2.11-3.2 on a CentOS 3.4 box. I created the new version from src.rpm. Now, when I fire off iptables, I get the "error at line 2", which in my iptables is nat, and iptables fails to load.

Further exploration and experimentation show that when I try to load iptable_nat.o, I get symbol errors. However, when I run an iptables script I created, despite a little complaining, iptables does load.

Any help to get this fixed (which hopefully helps the OP, too) would be greatly appreciated.
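
Added example, not part of the original thread or written by any of its posters: one way to keep a variable such as EXT_INTERFACE while still loading rules through iptables-restore is to let a shell wrapper expand the variable and pipe the result in. The function name render_rules and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# iptables-restore reads its own rule format, not shell, so a line such as
# EXT_INTERFACE="eth0" inside the rules file is a syntax error. Here the
# shell expands the variable first and only plain rules reach the loader.

# render_rules IFACE: print an iptables-restore ruleset for IFACE on stdout.
# The rules are constructed sample rules, not taken from the thread.
render_rules() {
    ext_if=$1
    # Accept only a plain interface name, so a bad value (spaces, newlines,
    # shell metacharacters) cannot add extra rule lines to the output.
    case $ext_if in
        ''|*[!A-Za-z0-9_.-]*)
            echo "invalid interface name: $ext_if" >&2
            return 1
            ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $ext_if -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $ext_if -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

EXT_INTERFACE="eth0"
# To load the expanded rules (as root):
#   render_rules "$EXT_INTERFACE" | iptables-restore
```

The rendered output contains no shell syntax, so it can also be written to a file and inspected before it is loaded.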