Maybe I'm just tired, but iptables is giving me some funny error messages.
I'm using RedHat 7.1, kernel 2.4.9-21, and iptables 1.2.4-0.71.2.
I have a script I've been using and began tonight to extend it. After
adding four more rules to the FORWARD chain, I stopped to test my
handiwork and got the following:
./fw_iptables.nat: line 623: syntax error near unexpected token `"EXT-icmp-in(1'
./fw_iptables.nat: line 623: ` --log-level INFO --log-prefix "EXT-icmp-in(1): "'
Since I couldn't see any problem with the rule, I decided to comment it
out and see what popped up next. Take a look at this:
./fw_iptables.nat: line 623: syntax error near unexpected token `"EXT-icmp-in(1'
./fw_iptables.nat: line 623: `## --log-level INFO --log-prefix "EXT-icmp-in(1): "'
You'll notice the two pound signs. I always add two pounds to comment out
code so I'll notice my comments from the normal one pound kind.
This rule is several pages from the changes I made and has run successfully
for several weeks.
For those of you who want to see the code, a small fragment is below. The
rule with the error is the one with ##.
BTW, $IPT=/sbin/iptables.
###############################################################
# ICMP
$IPT -A EXT-input -p icmp -j EXT-icmp-in
$IPT -A EXT-output -p icmp -j EXT-icmp-out
###############################################################
# ICMP traffic
# Log and drop initial ICMP fragments
##$IPT -A EXT-icmp-in --fragment -m limit -j LOG \
## --log-level INFO --log-prefix "EXT-icmp-in(1): "
$IPT -A EXT-icmp-in --fragment -j DROP
$IPT -A EXT-icmp-out --fragment -m limit -j LOG \
--log-level INFO --log-prefix "EXT-icmp-out(2): "
Is this a known problem or am I? :-)
Thanks, BobH
-------------------------------------------------
Bob Hillegas
<[EMAIL PROTECTED]>
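
Added example, not part of the original post: a bash syntax error reported on a commented-out line can mean the parser was not reading that line as a comment, for instance because a quote opened earlier in the script was never closed. The script below assumes that cause (the post does not show the rest of fw_iptables.nat) and uses `bash -n` to walk back to the line where the quote was opened; the sample file and all function names are constructed.

```shell
#!/bin/sh
# Find the line where an unclosed quote began, given a script whose syntax
# error is reported on a later line (even one that is commented out).
export LC_ALL=C   # keep bash's messages in English so they can be matched

# Line number bash -n reports for the first syntax error in $1 (empty if none).
syntax_error_line() {
    bash -n "$1" 2>&1 |
        sed -n 's/.*line \([0-9][0-9]*\): syntax error.*/\1/p' | head -n 1
}

# True if the first $2 lines of $1 end inside an unterminated quote.
prefix_in_quote() {
    head -n "$2" "$1" | bash -n 2>&1 | grep -q 'looking for matching'
}

# Walk back from the reported line while each prefix still ends inside a
# quote; the earliest such line is where the quote was opened.
quote_open_line() {
    err=$(syntax_error_line "$1")
    [ -n "$err" ] || return 1
    n=$((err - 1)); open=
    while [ "$n" -ge 1 ] && prefix_in_quote "$1" "$n"; do
        open=$n; n=$((n - 1))
    done
    [ -n "$open" ] && echo "$open"
}

# Constructed sample: line 2 is missing its closing quote, so the "comment"
# lines are swallowed into the string and the parser trips on line 5.
make_sample() {
    cat > "$1" <<'EOF'
IPT=/sbin/iptables
echo "rule added tonight
# Log and drop initial ICMP fragments
##$IPT -A EXT-icmp-in --fragment -m limit -j LOG \
## --log-level INFO --log-prefix "EXT-icmp-in(1): "
$IPT -A EXT-icmp-in --fragment -j DROP
EOF
}

sample=$(mktemp)
make_sample "$sample"
echo "bash reports the error at line $(syntax_error_line "$sample")"
echo "quote was opened at line $(quote_open_line "$sample")"
rm -f "$sample"
```

Running `bash -n` on a firewall script before executing it also avoids loading only the rules that precede the error.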