CentOS 6.2 IPTables Error

Hi,

I'm trying to edit my iptables but am getting an error when I try to restart the service…

I've pasted the commands and output here: http://paste.linode.com/6689

The rule seems to save and apply OK, but the error always comes up when I restart the service.

Appreciate any help you guys can give with this :D, thanks

6 Replies

Should have just added it to your other thread…

Not a CentOS guy… but a quick Google showed:

The issue you are experiencing with iptables is happening due to paravirt kernel having a "security" chain compiled into it, and the default "iptables" init script included with CentOS does not know how to handle it. You can resolve this issue by downloading an amended version of the "iptables" init script.

Thanks for the reply Dweeber

The paste on http://epoxie.net/12023.txt doesn't exist though.

I tried chmodding the iptables file anyway and restarting the service, but the error still comes up…

I updated my post apparently after you saw it. I don't have a link to the updated init script, but it should be on one of the CentOS forums.

Ignore the error, it's not important. It's just a consequence of not using the vendor kernel. It still works.

# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ssh-drop  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 recent: UPDATE seconds: 60 hit_count: 5 name: ssh side: source 
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 recent: SET name: ssh side: source 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain ssh-drop (1 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 2/min burst 5 LOG flags 0 level 4 prefix `FIREWALL:SSH-DROPPED ' 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

# service iptables restart
Flushing firewall rules:                                             [  OK  ]
Setting chains to policy ACCEPT: security raw nat mangle filter      [FAILED]
Unloading iptables modules:                                          [  OK  ]
Applying iptables firewall rules:                                    [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_ns         [FAILED]

# iptables -L -n          
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ssh-drop  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 recent: UPDATE seconds: 60 hit_count: 5 name: ssh side: source 
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 recent: SET name: ssh side: source 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain ssh-drop (1 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 2/min burst 5 LOG flags 0 level 4 prefix `FIREWALL:SSH-DROPPED ' 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
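The point of the listing above is that the ruleset survives the `[FAILED]` lines, so the useful check is to confirm the rules are really in place after a restart rather than to trust the init script's status output. The script below is an added example, not code from any poster in this thread: `ssh_drop_rules` is my reconstruction of the iptables commands that produce the ssh-drop ruleset shown in the listing (an SSH brute-force limiter using the `recent` match), `check_listing` parses an `iptables -L -n` listing and confirms both INPUT rules and the ssh-drop chain are present, and the sample listing embedded in `sample_listing` is a constructed copy of the output above.

```shell
#!/bin/sh
# Added example (not from the thread). Reconstructs the ssh-drop ruleset seen in
# `iptables -L -n` and verifies a listing contains it, so a restart can be
# checked on its actual effect rather than on the init script's [OK]/[FAILED].

# My reconstruction of the commands behind the listing: a 'recent' list named
# "ssh" is updated on every new SSH connection (SYN); more than 5 hits from one
# source within 60 seconds jumps to ssh-drop, which logs (rate-limited) and rejects.
ssh_drop_rules() {
    cat <<'EOF'
iptables -N ssh-drop
iptables -A ssh-drop -m limit --limit 2/min --limit-burst 5 -j LOG --log-prefix "FIREWALL:SSH-DROPPED "
iptables -A ssh-drop -j REJECT
iptables -A INPUT -p tcp --dport 22 --syn -m recent --name ssh --rsource --update --seconds 60 --hitcount 5 -j ssh-drop
iptables -A INPUT -p tcp --dport 22 --syn -m recent --name ssh --rsource --set
EOF
}

# Constructed sample: the `iptables -L -n` output quoted in the thread.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ssh-drop  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 recent: UPDATE seconds: 60 hit_count: 5 name: ssh side: source
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x17/0x02 recent: SET name: ssh side: source

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ssh-drop (1 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 2/min burst 5 LOG flags 0 level 4 prefix `FIREWALL:SSH-DROPPED '
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
EOF
}

# Reads an `iptables -L -n` listing on stdin. Exit 0 only when INPUT carries
# both port-22 'recent' rules (UPDATE jump and SET) and the ssh-drop chain
# still contains its LOG and REJECT targets; exit 1 otherwise.
# Note: the second INPUT rule has an empty target column, so awk sees "tcp" in $1.
check_listing() {
    awk '
        /^Chain /                                                              { chain = $2; next }
        chain == "INPUT"    && $1 == "ssh-drop" && /dpt:22/ && /recent: UPDATE/ { jump = 1 }
        chain == "INPUT"    && $1 == "tcp"      && /dpt:22/ && /recent: SET/    { set = 1 }
        chain == "ssh-drop" && $1 == "LOG"                                      { log_ok = 1 }
        chain == "ssh-drop" && $1 == "REJECT"                                   { reject = 1 }
        END { if (jump && set && log_ok && reject) exit 0; exit 1 }
    '
}

# Live helper (needs root and a real iptables): restart the service, then judge
# success by the loaded ruleset rather than by the init script's status lines.
restart_and_verify() {
    service iptables restart >/dev/null 2>&1
    if iptables -L -n | check_listing; then
        echo "ssh-drop ruleset is active after restart"
    else
        echo "ssh-drop ruleset is MISSING after restart" >&2
        return 1
    fi
}

# Usage: `sh this.sh --print-rules` prints the commands (pipe to sh as root to
# apply); `iptables -L -n | sh this.sh --check` verifies a live listing.
case "${1-}" in
    --print-rules) ssh_drop_rules ;;
    --check)       check_listing ;;
esac
```

Running the check against the sample succeeds, and against the same listing with the two port-22 INPUT rules removed it fails, which is the situation a flush without a reload would leave behind.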

Thanks for the reply sweh, appreciate the help!

Good to know it's not a 'real' error…

Any way to suppress it though, me no like errors!!!

This should do the needful:

cd /etc/init.d/
cp iptables ~/iptables.backup
wget http://epoxie.net/14857.txt
patch -p1 < 14857.txt   # if prompted, specify /etc/init.d/iptables as the file to be patched
rm 14857.txt

-Tim
