> > #Firewall configuration written by lokkit
> > #Manual configuration of this file is not recommended.
> > #Note: ifup-post will punch the current nameservers through the
> > # firewall. Such entries will *not* be listed here.
> > *filter
> > :INPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > :RH-Lokkit-0-50-INPUT - [0:0]
> > -A <LOOK HERE>INPUT-j</LOOK HERE> RH-Lokkit-0-50-INPUT
>
> Shouldn't there be a space after INPUT and -j maybe this is why it is
> complaining about bad rule. Or if this is a cut and paste typo ...
> Arindam Dey

Sorry, it is a typo, was actually:

-A INPUT -j RH-Lokkit-0-50-INPUT

> > -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
> > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
> > -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 --syn -j REJECT
> > -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 --syn -j REJECT
> > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
> > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
> > COMMIT
>
> You can't use syn with udp :) Something to do with the differences
> between tcp and udp and the 'connectionless' manner of udp.
> HTH, Iain Buchanan

Sorry, that also is a typo! It was late and I was manually copying from my
notebook to the desktop. It was actually:

-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT

Now what, please?

--
Thanks!
dmc :-D
~~~~~~~~~~~~~~~~~~~~~~~~~
| Jesus === Freedom |
~~~~~~~~~~~~~~~~~~~~~~~~~

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
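
An added example, not part of the original thread: a small Python linter for iptables-save style files that catches the two mistakes discussed above (a chain name fused with `-j`, and `--syn` on a UDP rule). The function name `lint_rules` and the sample input are constructed for illustration.

```python
import shlex

# Standard iptables targets and TCP-only match options (not an exhaustive list).
BUILTIN_TARGETS = {"ACCEPT", "DROP", "REJECT", "LOG", "RETURN", "QUEUE"}
TCP_ONLY = {"--syn", "--tcp-flags", "--tcp-option"}

# Constructed sample: a shortened copy of the rules as first posted, typos included.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT-j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 --syn -j REJECT
COMMIT
"""

def lint_rules(text):
    """Return (line_number, message) findings for an iptables-save style file."""
    chains, findings = set(), []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue
        if line.startswith(":"):
            chains.add(line[1:].split()[0])  # declaration such as ":INPUT ACCEPT [0:0]"
            continue
        tok = shlex.split(line)
        if tok[0] not in ("-A", "-I") or len(tok) < 2:
            findings.append((no, "unrecognised line"))
            continue
        if tok[1] not in chains:  # catches a chain name fused with the next option
            findings.append((no, f"chain '{tok[1]}' is not declared"))
        proto = tok[tok.index("-p") + 1] if "-p" in tok[:-1] else None
        for opt in sorted(TCP_ONLY.intersection(tok)):
            if proto != "tcp":
                findings.append((no, f"{opt} requires -p tcp, rule uses -p {proto}"))
        if "-j" in tok[:-1]:
            target = tok[tok.index("-j") + 1]
            if target not in chains and target not in BUILTIN_TARGETS:
                findings.append((no, f"jump target '{target}' is not declared"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_rules(SAMPLE):
        print(f"line {no}: {msg}")
```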