hi
use
IPT="/sbin/iptables"
not
$IPT="/sbin/iptables"
manish
On Thu, 2 May 2002 23:00:44
Bob Hillegas wrote:
>Maybe I'm just tired, but iptables is giving me some funny error messages.
>
>I'm using RedHat 7.1, kernel 2.4.9-21, and iptables 1.2.4-0.71.2.
>
>I have a script I've been using and began tonight to extend it. After
>adding four more rules to the FORWARD chain, I stopped to test my
>handiwork and got the following:
>
>./fw_iptables.nat: line 623: syntax error near unexpected token `"EXT-icmp-in(1'
>./fw_iptables.nat: line 623: ` --log-level INFO --log-prefix "EXT-icmp-in(1): "'
>
>Since I couldn't see any problem with the rule, I decided to comment it
>out and see what popped up next. Take a look at this:
>
>./fw_iptables.nat: line 623: syntax error near unexpected token `"EXT-icmp-in(1'
>./fw_iptables.nat: line 623: `## --log-level INFO --log-prefix "EXT-icmp-in(1): "'
>
>You'll notice the two pound signs. I always add two pounds to comment out
>code so I'll notice my comments from the normal one pound kind.
>
>This rule is several pages from the changes I made and has run successfully
>for several weeks.
>
>
>For those of you who want to see the code, a small fragment is below. The
>rule with the error is the one with ##.
>
>BTW, $IPT=/sbin/iptables.
>
>###############################################################
># ICMP
>
>$IPT -A EXT-input -p icmp -j EXT-icmp-in
>
>$IPT -A EXT-output -p icmp -j EXT-icmp-out
>
>###############################################################
># ICMP traffic
>
># Log and drop initial ICMP fragments
>##$IPT -A EXT-icmp-in --fragment -m limit -j LOG \
>## --log-level INFO --log-prefix "EXT-icmp-in(1): "
>
>$IPT -A EXT-icmp-in --fragment -j DROP
>
>$IPT -A EXT-icmp-out --fragment -m limit -j LOG \
> --log-level INFO --log-prefix "EXT-icmp-out(2): "
>
>
>Is this a known problem or am I? :-)
>Thanks, BobH
>-------------------------------------------------
>Bob Hillegas
><[EMAIL PROTECTED]>
>
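Added example, not part of either message: a preflight check that flags the `$IPT=...` form the reply warns against and parses the script with `sh -n` before it is run. The function names and the two sample scripts are constructed for illustration; with `IPT` unset, a later `$IPT -A ...` line would try to run `-A` as the command.

```shell
#!/bin/sh
# Added example: preflight checks for a firewall script, run before the
# script itself. Function names and sample scripts are constructed.

# With IPT unset, $IPT="/sbin/iptables" expands to the word "=/sbin/iptables",
# which the shell runs as a command. Prints that command's exit status.
misassign_status() {
    rc=0
    ( unset IPT; $IPT="/sbin/iptables" ) 2>/dev/null || rc=$?
    echo "$rc"
}

# check_fw_script FILE: returns 0 if clean, 1 if a problem was found.
check_fw_script() {
    found=0
    # Lines that start with $NAME= are commands, not assignments.
    # sh -n accepts them, so look for them explicitly.
    bad=$(grep -nE '^[[:space:]]*\$[A-Za-z_][A-Za-z0-9_]*=' "$1" || true)
    if [ -n "$bad" ]; then
        echo "$1: drop the leading \$ in:"; echo "$bad"
        found=1
    fi
    # Parse only; -n executes nothing, so no rule is loaded.
    if ! sh -n "$1" 2>/dev/null; then
        echo "$1: sh -n reports a syntax error"
        found=1
    fi
    return "$found"
}

# Write two constructed sample scripts into directory $1.
make_samples() {
    cat > "$1/good.sh" <<'EOF'
IPT="/sbin/iptables"
$IPT -A EXT-icmp-in --fragment -j DROP
EOF
    cat > "$1/bad.sh" <<'EOF'
$IPT="/sbin/iptables"
$IPT -A EXT-icmp-in --fragment -j DROP
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_fw_script "$tmp/good.sh" && echo "good.sh: ok"
check_fw_script "$tmp/bad.sh" || echo "bad.sh: rejected"
echo "status of \$IPT=... with IPT unset: $(misassign_status)"
rm -rf "$tmp"
```

Both sample scripts pass `sh -n`, so only the explicit pattern check catches the misplaced `$`.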