firewall error

Imagen de edidanilo

Forums: 

estimados amigos tengo el siguiente problema de firewall en un server red hat enterprice linux 4 2.6.9-5.ELsmp:

starting firewall:
iptables: no chain/tarjget/match by that name
iptables: no chain/tarjget/match by that name
iptables: no chain/tarjget/match by that name
iptables: no chain/tarjget/match by that name
etc.......

[color=blue]bien mi firewall es:[/color]

#!/bin/sh
# iptables, by Technion
# $Id: iptables,v 1.33 2002/11/20 23:22:16 technion Exp $
# chkconfig: 2345 08 80
# description: Script for setting IPTABLES rules
# processname: iptables

# Is this script to be run on Red Hat Linux? If not, set to "NO"
REDHAT="YES"

# Network information you will need to adjust
INTERNALIF="eth0" #La interface de red interna
INTERNALNET="10.2.19.0/24" #El id de red interna
INTERNALBCAST="10.2.19.255" #La direccion de broadcast interna
EXTERNALIF="eth1" #La interface de red externa
EXTERNALNET="190.11.27.0/24" #Id de red externa
#Para el servicio nat y dnat para que pag externas se puedan ver en mi red interna
#Para exhibir las pag internas en la red externa
MYADDR="190.11.27.151" # Only needed for DNAT, leave out otherwise

# Pathnames
DMESG="/bin/dmesg"
IPTABLES="`which iptables`"
MODPROBE="/sbin/modprobe"

# This is a batch of Red Hat Linux-specific commands
# that enable a user to call the script with a start/stop/restart
# argument.
if [ X"$REDHAT" = X"YES" ]; then
. /etc/rc.d/init.d/functions
case "$1" in
stop)
action "Shutting down firewall:" echo
$IPTABLES -F
$IPTABLES -P FORWARD DROP
exit 0
;;
status)
echo "Iptables no soporta status "
exit 0
;;
restart|reload)
$0 stop
exec $0 start
;;
start)
action "Starting Firewall:" echo
;;
*)
echo "Use: firewall (start|stop|restart)"
exit 1
esac
fi

################################################################
#Insert modules- should be done automatically if needed
dmesg -n 1 #Kill copyright display on module load
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
#
## Flush everything, start from scratch
#
# Incoming packets from the outside network
$IPTABLES -F INPUT
# Outgoing packets from the internal network
$IPTABLES -F OUTPUT
# Forwarding/masquerading
$IPTABLES -F FORWARD
#Nat table
$IPTABLES -t nat -F
##Setup sysctl controls which affect tcp/ip

#
#Disabling IP Spoofing attacks.
#Comment this line out when using IPSEC
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

#Don't respond to broadcast pings
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

#Defragment all Packets
#Default now

#Enable forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward

#Block source routing
echo 0 >/proc/sys/net/ipv4/conf/all/accept_source_route

#Kill timestamps. These have been the subject of a recent bugtraq thread
echo 0 > /proc/sys/net/ipv4/tcp_timestamps

#Enable SYN Cookies
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

#Kill redirects
echo 0 >/proc/sys/net/ipv4/conf/all/accept_redirects

#Enable bad error message protection
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

#Allow dynamic ip addresses
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

#Log martians (packets with impossible addresses)
#RiVaL said that certain NICs don't like this. Comment out if necessary.
echo 1 >/proc/sys/net/ipv4/conf/all/log_martians

#Set out local port range
echo "32768 61000" >/proc/sys/net/ipv4/ip_local_port_range

#Reduce DoS'ing ability by reducing timeouts
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog

##Set basic rules
#
#Note that unlike ipchains, rules passing through a FORWARD chain do NOT
#also have to pass through an INPUT chain.

#Kill ANY stupid packets, including
#-Packets that are too short to have a full ICMP/UDP/TCP header
#- TCP and UDP packets with zero (illegal) source and destination ports
#-Illegal combinations of TCP flags
#-Zero-length (illegal) or over-length TCP and IP options,
# or options after the END-OF-OPTIONS option
#-Fragments of illegal length or offset (e.g., Ping of Death).
#Above list ripped from http://www.linux-mag.com/2000-01/bestdefense_02.html

#This has been found to be a little buggy. Removed for now.
$IPTABLES -A INPUT -m unclean -j DROP
$IPTABLES -A FORWARD -m unclean -j DROP

#Kill invalid packets (illegal combinations of flags)
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -m state --state INVALID -j DROP

# Allow all connections on the internal interface
#

$IPTABLES -A INPUT -i lo -j DROP

#Kill connections to the local interface from the outside world.
$IPTABLES -A INPUT -d 127.0.0.0/8 -j DROP

#Allow unlimited traffic from internal network using legit addresses
$IPTABLES -A INPUT -i $INTERNALIF -s $INTERNALNET -j ACCEPT
#
#Allow IPV6 tunnel traffic
#$IPTABLES -A INPUT -p ipv6 -j ACCEPT

#Allow IPSEC tunnel traffic
#$IPTABLES -A INPUT -p 50 -j ACCEPT
$IPTABLES -A INPUT -p tcp -d 1723 -j ACCEPT
#Allow all traffic from the ipsec device to the internal network
#$IPTABLES -A FORWARD -i ipsec0 -o $INTERNALIF -j ACCEPT
#Allow key negotiation
#$IPTABLES -A INPUT -p udp --dport 500 -j ACCEPT

#Kill anything from outside claiming to be from internal network
$IPTABLES -A INPUT -i $EXTERNALIF -s $INTERNALNET -j DROP

##ICMP
#ping don't forward pings going inside
$IPTABLES -A FORWARD -p icmp --icmp-type echo-request -o $INTERNALIF -j DROP
#ping flood protection
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j DROP
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j DROP
#Deny icmp to broadcast address
$IPTABLES -A INPUT -p icmp -d $INTERNALBCAST -j DROP

#Allow all other icmp
#Esta linea sirve para que mi red interna pueda hacer ping entre ellas si cambiamos a drop o reject
#se eliminaran los paquetes icmp o se rechazaran respectivamente
$IPTABLES -A INPUT -p icmp -j DROP

##Allow established connections
#Unlike ipchains, we don't have to go through the business of allowing
#a local port range- just allow all connections already established.

$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#Note that unlike ipchains, the following must be enabled even with masquerading
#Don't forward SMB related traffic Estos son los puertos que estamos utilizando
#$IPTABLES -A FORWARD -o $EXTERNALIF -p tcp --dport 1:3000 DROP
$IPTABLES -A FORWARD -o $EXTERNALIF -p tcp --dport 137 -j REJECT
$IPTABLES -A FORWARD -o $EXTERNALIF -p tcp --dport 138 -j REJECT
$IPTABLES -A FORWARD -o $EXTERNALIF -p tcp --dport 139 -j REJECT
$IPTABLES -A FORWARD -o $EXTERNALIF -p udp --dport 137 -j REJECT
$IPTABLES -A FORWARD -o $EXTERNALIF -p udp --dport 138 -j REJECT
$IPTABLES -A FORWARD -o $EXTERNALIF -p udp --dport 139 -j REJECT

$IPTABLES -A FORWARD -o $EXTERNALIF -p tcp --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -o $EXTERNALIF -p tcp --dport 1723 -j ACCEPT

$IPTABLES -A INPUT -i $EXTERNALIF -p udp --dport 137 -j ACCEPT
$IPTABLES -A FORWARD -o $EXTERNALIF -p icmp -j DROP
#Samba Share
#$IPTABLES -A INPUT -p tcp --dport 137 -j ACCEPT
#$IPTABLES -A INPUT -p udp --dport 137 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 138 -j ACCEPT
#$IPTABLES -A INPUT -p udp --dport 138 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 139 -j ACCEPT
#$IPTABLES -A INPUT -p udp --dport 139 -j ACCEPT
#
#Allow ALL other forwarding going out
$IPTABLES -A FORWARD -o $EXTERNALIF -i $INTERNALIF -j ACCEPT

#Allow replies coming in

$IPTABLES -A FORWARD -i $EXTERNALIF -m state --state ESTABLISHED,RELATED -j ACCEPT

#Whack allowances
#Allow DHCP- Optus users need this
#$IPTABLES -A INPUT -p udp -d 255.255.255.255 --dport 68 -j ACCEPT

#Allow yourself to be a DHCP server for your inside network
#Necessary because the default rule allowing valid addresses ignores broadcast
#$IPTABLES -A INPUT -i $INTERNALIF -p tcp --sport 68 --dport 67 -j ACCEPT
#$IPTABLES -A INPUT -i $INTERNALIF -p udp --sport 68 --dport 67 -j ACCEPT

#Allow nameserver packets. Different versions of iptables seem to error here.
#Comment out if necessary.

cat /etc/resolv.conf | \
awk '/^nameserver/ {print $2}' | \
xargs -n1 $IPTABLES -A INPUT -p udp --sport 53 -j ACCEPT -s

#Allow Telstra hearbeat
#This section is propz to Defed
#$IPTABLES -A INPUT -p udp --sport 5050 -j ACCEPT
#$IPTABLES -A INPUT -p udp --sport 5051 -j ACCEPT

#From here on, we're dealing with connection attempts.
#The -m limit is a DoS protection on connects
#First we allow a certain amount of connections per second
#DROP the rest (so we don't DoS ourself with rejections)
#We don't limit normal packets (!syn) by allowing the rest
##Basic services. Uncomment to allow in.

# ftp-data
$IPTABLES -A INPUT -p tcp --dport 20 -j DROP
# ftp
$IPTABLES -A INPUT -p tcp --dport 21 -j DROP
# ssh
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
#telnet
$IPTABLES -A INPUT -p tcp --dport 23 -j ACCEPT
# smtp One per second limt -burst rate of ten
#$IPTABLES -A INPUT -p tcp --dport 25 --syn -m limit --limit 1/s \
# --limit-burst 10 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 25 --syn -j DROP
#Correo electronico
$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT

# DNS
$IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
# http
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
# POP-3
$IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
# identd
#$IPTABLES -A INPUT -p tcp --dport 113 -j ACCEPT
# https
#$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
#VNC Server
#$IPTABLES -A INPUT -p tcp --dport 5801 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 5901 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 6001 -j ACCEPT
#Webmin
$IPTABLES -A INPUT -p tcp --dport 10000 -j ACCEPT
#pptp
$IPTABLES -A INPUT -p tcp --dport 1723 -j ACCEPT

##DNAT
#Modify addresses and uncomment to allow DNAT (port forwarding)

#Send web requests to an internal machine
#Send mail to an internal machine
#CONFIGURACION DE NAT TELNET
#$IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d $MYADDR --dport 23 \
# -j DNAT --to 192.168.10.4:23
#$IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.10.4 --dport 23 -j ACCEPT

##Some ports should be denied and logged.
$IPTABLES -A INPUT -p tcp --dport 1433 -m limit -j LOG \
--log-prefix "Firewalled packet: MSSQL "

$IPTABLES -A INPUT -p tcp --dport 1433 -j DROP
$IPTABLES -A INPUT -p tcp --dport 6670 -m limit -j LOG \
--log-prefix "Firewalled packet: Deepthrt "
$IPTABLES -A INPUT -p tcp --dport 6670 -j DROP
$IPTABLES -A INPUT -p tcp --dport 6711 -m limit -j LOG \
--log-prefix "Firewalled packet: Sub7 "
$IPTABLES -A INPUT -p tcp --dport 6711 -j DROP
$IPTABLES -A INPUT -p tcp --dport 6712 -m limit -j LOG \
--log-prefix "Firewalled packet: Sub7 "
$IPTABLES -A INPUT -p tcp --dport 6712 -j DROP
$IPTABLES -A INPUT -p tcp --dport 6713 -m limit -j LOG \
--log-prefix "Firewalled packet: Sub7 "
$IPTABLES -A INPUT -p tcp --dport 6713 -j DROP

$IPTABLES -A INPUT -p tcp --dport 12345 -m limit -j LOG \
--log-prefix "Firewalled packet: Netbus "
$IPTABLES -A INPUT -p tcp --dport 12345 -j DROP
$IPTABLES -A INPUT -p tcp --dport 12346 -m limit -j LOG \
--log-prefix "Firewalled packet: Netbus "
$IPTABLES -A INPUT -p tcp --dport 12346 -j DROP
$IPTABLES -A INPUT -p tcp --dport 20034 -m limit -j LOG \
--log-prefix "Firewalled packet: Netbus "
$IPTABLES -A INPUT -p tcp --dport 20034 -j DROP
$IPTABLES -A INPUT -p tcp --dport 31337 -m limit -j LOG \
--log-prefix "Firewalled packet: BO "
$IPTABLES -A INPUT -p tcp --dport 31337 -j DROP
$IPTABLES -A INPUT -p tcp --dport 6000 -m limit -j LOG \
--log-prefix "Firewalled packet: XWin "
$IPTABLES -A INPUT -p tcp --dport 6000 -j DROP

#Traceroutes depend on finding a rejected port. DROP the ones it uses

$IPTABLES -A INPUT -p udp --dport 33434:33523 -j DROP

#Don't log ident because it gets hit all the time eg connecting to an irc server
$IPTABLES -A INPUT -p tcp --dport 113 -j REJECT

#Don't log igmp. Some people get too many of these
$IPTABLES -A INPUT -p igmp -j REJECT
#Don't log web or ssl because people surfing for long times lose connection
#tracking and cause the system to create a new one, flooding logs.
$IPTABLES -A INPUT -p tcp --dport 80 -j REJECT
$IPTABLES -A INPUT -p tcp --dport 443 -j REJECT

##Catch all rules.
#iptables reverts to these if it hasn't matched any of the previous rules.
#Log. There's no point logging noise. There's too much of it.
#Just log connection requests
$IPTABLES -A INPUT -p tcp --syn -m limit --limit 5/minute -j LOG \
--log-prefix "Firewalled packet:"
$IPTABLES -A FORWARD -p tcp --syn -m limit --limit 5/minute -j LOG \
--log-prefix "Firewalled packet:"
#Reject
$IPTABLES -A INPUT -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -p all -j DROP

$IPTABLES -A FORWARD -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A FORWARD -p all -j DROP
#Accept it anyway if it's only output
$IPTABLES -A OUTPUT -j ACCEPT

#Masquerade internal connections going out.
$IPTABLES -A POSTROUTING -t nat -o $EXTERNALIF -j MASQUERADE

$IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j \
REDIRECT --to-port 8080

exit 0

pon: sh -x

Imagen de Epe

pon:

sh -x /camino/al/rc.firewall restart

sh -x debugueará, como bien sabemos, el script y te dirá las reglas que fallan. Que deben ser de p2p me imagino si estás usando un script viejito. O intenta el ultimo http://cursos.ernestoperez.com/rc.firewall

Saludos
epe
--
EcuaLinux.com
Ecuador: +(593) 9 9246504, +(593) 2 3412402
USA: +1 404 795 0321, España: +34 917617884


Saludos
epe

EcuaLinux.com

+(593) 9 9924 6504

Servicios en Software Libre

use iptables -t filter -L, y

Imagen de edidanilo

use iptables -t filter -L, y obtuve

[root@linux4 ~]# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
DROP all -- anywhere anywhere
DROP all -- anywhere 127.0.0.0/8
ACCEPT all -- 10.2.19.0/24 anywhere
ACCEPT tcp -- anywhere 0.0.6.187
DROP all -- 10.2.19.0/24 anywhere
DROP icmp -- anywhere anywhere icmp echo-request l imit: avg 1/sec burst 5
DROP icmp -- anywhere anywhere icmp echo-request
DROP icmp -- anywhere 10.2.19.255
DROP icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
ACCEPT udp -- pichincha.andinanet.net anywhere udp spt:domain
ACCEPT udp -- tungurahua.andinanet.net anywhere udp spt:domain
DROP tcp -- anywhere anywhere tcp dpt:ftp-data
DROP tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:10000
ACCEPT tcp -- anywhere anywhere tcp dpt:1723
LOG tcp -- anywhere anywhere tcp dpt:ms-sql-s li mit: avg 3/hour burst 5 LOG level warning prefix `Firewalled packet: MSSQL '
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-s
LOG tcp -- anywhere anywhere tcp dpt:6670 limit: avg 3/hour burst 5 LOG level warning prefix `Firewalled packet: Deepthrt '
DROP tcp -- anywhere anywhere tcp dpt:6670
LOG tcp -- anywhere anywhere tcp dpt:6711 limit: avg 3/hour burst 5 LOG level warning prefix `Firewalled packet: Sub7 '
DROP tcp -- anywhere anywhere tcp dpt:6711
LOG tcp -- anywhere anywhere tcp dpt:6712 limit: avg 3/hour burst 5 LOG level warning prefix `Firewalled packet: Sub7 '
DROP tcp -- anywhere anywhere tcp dpt:6712
LOG tcp -- anywhere anywhere tcp dpt:6713 limit: avg 3/hour burst 5 LOG level warning prefix `Firewalled packet: Sub7 '
DROP tcp -- anywhere anywhere tcp dpt:6713
LOG tcp -- anywhere anywhere tcp dpt:12345 limit : avg 3/hour burst 5 LOG level warning prefix `Firewalled packet: Netbus '
DROP tcp -- anywhere anywhere tcp dpt:12345
LOG tcp -- anywhere anywhere tcp dpt:12346 limit : avg 3/hour burst 5 LOG level warning prefix `Firewalled packet: Netbus '
DROP tcp -- anywhere anywhere tcp dpt:12346
LOG tcp -- anywhere anywhere tcp dpt:20034 limit : avg 3/hour burst 5 LOG level warning prefix `Firewalled packet: Netbus '
DROP tcp -- anywhere anywhere tcp dpt:20034
LOG tcp -- anywhere anywhere tcp dpt:31337 limit : avg 3/hour burst 5 LOG level warning prefix `Firewalled packet: BO '
DROP tcp -- anywhere anywhere tcp dpt:31337
LOG tcp -- anywhere anywhere tcp dpt:x11 limit: avg 3/hour burst 5 LOG level warning prefix `Firewalled packet: XWin '
DROP tcp -- anywhere anywhere tcp dpt:x11
DROP udp -- anywhere anywhere udp dpts:traceroute :33523
REJECT tcp -- anywhere anywhere tcp dpt:auth reject -with icmp-port-unreachable
REJECT igmp -- anywhere anywhere reject-with icmp-po rt-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:http reject -with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:https rejec t-with icmp-port-unreachable
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,A CK/SYN limit: avg 5/min burst 5 LOG level warning prefix `Firewalled packet:'
REJECT tcp -- anywhere anywhere reject-with tcp-res et
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
DROP icmp -- anywhere anywhere icmp echo-request
REJECT tcp -- anywhere anywhere tcp dpt:netbios-ns reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:netbios-dgm reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:netbios-ns reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:netbios-dgm reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:netbios-ssn reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:1723
DROP icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,A CK/SYN limit: avg 5/min burst 5 LOG level warning prefix `Firewalled packet:'
REJECT tcp -- anywhere anywhere reject-with tcp-res et
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
REJECT all -- anywhere anywhere reject-with icmp-ho st-prohibited
[root@linux4 ~]#..........

..........
edidanilo
Gana mucho dinero
(593)-06-2832726
(593)-091351355

ejecute el comando sh

Imagen de edidanilo

ejecute el comando sh -x

[root@linux4 ~]# sh -x /etc/init.d/firewall restart
+ REDHAT=YES
+ INTERNALIF=eth0
+ INTERNALNET=10.2.19.0/24
+ INTERNALBCAST=10.2.19.255
+ EXTERNALIF=eth1
+ EXTERNALNET=190.11.27.0/24
+ MYADDR=190.11.27.151
+ DMESG=/bin/dmesg
++ which iptables
+ IPTABLES=/sbin/iptables
+ MODPROBE=/sbin/modprobe
+ '[' XYES = XYES ']'
+ . /etc/rc.d/init.d/functions
++ TEXTDOMAIN=initscripts
++ umask 022
++ PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
++ export PATH
++ '[' -z '' ']'
++ COLUMNS=80
++ '[' -z '' ']'
+++ /sbin/consoletype
++ CONSOLETYPE=pty
++ '[' -f /etc/sysconfig/i18n -a -z '' ']'
++ . /etc/sysconfig/i18n
+++ LANG=es_EC.UTF-8
+++ SUPPORTED=es_EC.UTF-8:es_EC:es
+++ SYSFONT=latarcyrheb-sun16
++ '[' pty '!=' pty ']'
++ '[' -n '' ']'
++ export LANG
++ '[' -z '' ']'
++ '[' -f /etc/sysconfig/init ']'
++ . /etc/sysconfig/init
+++ BOOTUP=color
+++ GRAPHICAL=yes
+++ RES_COL=60
+++ MOVE_TO_COL='echo -en \033[60G'
+++ SETCOLOR_SUCCESS='echo -en \033[0;32m'
+++ SETCOLOR_FAILURE='echo -en \033[0;31m'
+++ SETCOLOR_WARNING='echo -en \033[0;33m'
+++ SETCOLOR_NORMAL='echo -en \033[0;39m'
+++ LOGLEVEL=3
+++ PROMPT=yes
++ '[' pty = serial ']'
++ '[' color '!=' verbose ']'
++ INITLOG_ARGS=-q
+ case "$1" in
+ /etc/init.d/firewall stop
Shutting down firewall: [ OK ]
+ exec /etc/init.d/firewall start
Starting Firewall: [ OK ]
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
[root@linux4 ~]#

..........
edidanilo
Gana mucho dinero
(593)-06-2832726
(593)-091351355