** Reply to message from Bob Hillegas <[EMAIL PROTECTED]> on Thu, 02 May 2002 23:00:44 -0500 (CDT)
> Maybe I'm just tired, but iptables is giving me some funny error messages.
>
> I'm using RedHat 7.1, kernel 2.4.9-21, and iptables 1.2.4-0.71.2.
>
> I have a script I've been using and began tonight to extend it. After
> adding four more rules to the FORWARD chain, I stopped to test my
> handiwork and got the following:
>
> ./fw_iptables.nat: line 623: syntax error near unexpected token `"EXT-icmp-in(1'
> ./fw_iptables.nat: line 623: ` --log-level INFO --log-prefix "EXT-icmp-in(1): >"'
>
> Since I couldn't see any problem with the rule, I decided to comment it
> out and see what popped up next. Take a look at this:
>
> ./fw_iptables.nat: line 623: syntax error near unexpected token `"EXT-icmp-in(1'
> ./fw_iptables.nat: line 623: `## --log-level INFO --log-prefix "EXT-icmp-in(1): "'
>
> You'll notice the two pound signs. I always add two pounds to comment out
> code so I'll notice my comments from the normal one pound kind.
>
> This rule is several pages from the changes I made and has run successfully
> for several weeks.
>
> For those of you who want to see the code, a small fragment is below. The
> rule with the error is the one with ##.
>
> BTW, $IPT=/sbin/iptables.
>
> ###############################################################
> # ICMP
>
> $IPT -A EXT-input -p icmp -j EXT-icmp-in
>
> $IPT -A EXT-output -p icmp -j EXT-icmp-out
>
> ###############################################################
> # ICMP traffic
>
> # Log and drop initial ICMP fragments
> ##$IPT -A EXT-icmp-in --fragment -m limit -j LOG \
> ## --log-level INFO --log-prefix "EXT-icmp-in(1): "
>
> $IPT -A EXT-icmp-in --fragment -j DROP
>
> $IPT -A EXT-icmp-out --fragment -m limit -j LOG \
> --log-level INFO --log-prefix "EXT-icmp-out(2): "

Bob -

You'll save yourself a lot of grief if you grab the latest iptables rpm from Redhat's rawhide ftp repository. The 1.2.4 rpm builds were broken.

jb

--
Jack Bowling
mailto: [EMAIL PROTECTED]
