How to fix iptables?


I am struggling with an old Linux kernel (2.4.19) and iptables version 1.2.2.
This version is needed for one old piece of software to work.
An error occurs when iptables is started and configured using a script.


The resulting /etc/sysconfig/iptables file is the following:

Here is the entire script for initial configuration:

The error on line 285 is the second-to-last command, "esac".

The result is that iptables does not work: it does not pick up the rules and does not write them to the config /etc/sysconfig/iptables.
Help me understand!
March 23rd 20 at 19:40
1 answer
March 23rd 20 at 19:42
The error on line 285 is the second-to-last command, "esac".
Well, if you count the lines in the script you linked, line 285 is
[ -e "$VAR_SUBSYS_IPTABLES" ] && restart, not "esac".

On a cursory look, I noticed one error in the script: lines 125-126 need to be removed; they are an accidental copy-paste of the lines that follow them:
$IPTABLES -t mangle -P PREROUTING policy $policy \
 && $IPTABLES -t mangle -P POSTROUTING $policy \

 $IPTABLES -t mangle -P PREROUTING policy $policy \
 && $IPTABLES -t mangle -P POSTROUTING $policy \
 && $IPTABLES -t mangle -P INPUT $policy \
 && $IPTABLES -t mangle -P OUTPUT $policy \
 && $IPTABLES -t mangle -P FORWARD $policy \
 || let ret+=1
Yes, you are right, the copy-paste accidentally got into the text at the link when I copied and pasted it from the PuTTY window, sorry. It is not in the original file.
The line numbering doesn't match, so I noted that line 285 is the "esac" command, the second from the end.

I read that the file /etc/sysconfig/iptables can be edited manually, though it is not recommended.
Or is that too difficult? - darrick commented on March 23rd 20 at 19:45
/etc/sysconfig/iptables can be edited manually

It can. The thing is that different distros and different versions use different standard tools to work with iptables. Personally, I have always run iptables manually, since over the years I was too lazy to delve into "which scripts are fashionable for steering iptables this year." Once I made it by hand, I liked it, understood it, and reproduced it on different servers. Then 10 years later I think about what needs to be done differently. I remake it, and again there is no dependence on the standard scripts. Now it is normally run through systemd, but I like it manual, so I left it that way. :) Conservative and predictable.
One more detail. I live fine without all these start\stop\restart\status\... because I have never needed to stop iptables. I just apply the rules on server startup and that's all. For me, restarting iptables is no different from just starting it. Here is the whole script to start\restart:
iptables-restore < /etc/iptables.up.rules

Well, the rules themselves are in /etc/iptables.up.rules in the same format that iptables-save writes. - rory_Fisher commented on March 23rd 20 at 19:48
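The approach in this comment, as an added example that is not rory_Fisher's own script: a constructed rules file in iptables-save format, a structural check on it, and a wrapper that applies it with iptables-restore and rolls back to the previous rule set if the restore fails. The paths in RULES and BACKUP are assumptions.

```shell
# Added example, not rory_Fisher's script. Assumed paths: RULES holds the
# iptables-save format rules, BACKUP the running set for rollback.
RULES="${RULES:-/etc/iptables.up.rules}"
BACKUP="${BACKUP:-/var/tmp/iptables.rollback}"

# Constructed sample: default-deny INPUT/FORWARD, allow lo, replies, SSH.
sample_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# Structural check before touching the kernel: each "*table" block must end
# with COMMIT, only ":chain"/"-A" lines inside, only comments outside.
check_rules() {
  awk '
    /^#/ || /^[ \t]*$/ { next }
    /^\*/        { if (open) bad = 1; open = 1; next }
    /^COMMIT$/   { if (!open) bad = 1; open = 0; next }
    !open        { bad = 1; next }
    !/^(:|-)/    { bad = 1 }
    END          { if (bad || open) exit 1 }
  ' "$1"
}

# iptables-restore commits table by table, so a failure in a later table
# leaves earlier ones already replaced; the backup puts the old set back.
apply_rules() {
  check_rules "$RULES" || { echo "refusing: $RULES is malformed" >&2; return 1; }
  iptables-save > "$BACKUP" || return 1
  if ! iptables-restore < "$RULES"; then
    echo "restore failed, rolling back from $BACKUP" >&2
    iptables-restore < "$BACKUP"
    return 1
  fi
}
case "${1:-}" in
  sample) sample_rules ;;
  check)  check_rules "${2:-$RULES}" ;;
  apply)  apply_rules ;;
esac
```

Run it as `sh script.sh sample > /etc/iptables.up.rules` to write the sample, `check` to validate a file, and `apply` (as root) to load it with rollback.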
@rory_Fisher, I will give up on the script, especially since it doesn't work.
It seems easier to make the file manually than to figure out why the script doesn't work.
Thank you very much for the tip! I'll mark it as the answer to my question.

What does this mean...)
And could you share a sample rules file, to make it easier to understand..? - darrick commented on March 23rd 20 at 19:51
@beula, I cleaned it up a little (in particular I cut a lot of lines from the whitelist and blacklist; those that remain are only for example, and some very, very paranoid and not-so-typical rules were thrown out). Fewer than 300 lines remained, along with a review :) - rory_Fisher commented on March 23rd 20 at 19:54
Thank you so much for helping a beginner!
I'll sit down and work through the issue. - darrick commented on March 23rd 20 at 19:57
