Hi everyone, I'm trying to understand this rule, which is simple, but when I start the script and then run the command to stop it, these errors appear:
[root@servidor jgama]# trava_msn.sh stop
Liberando msn...iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
feito.
What is wrong with this script, or rather with the delete rules?
#!/bin/bash
case "$1" in
start)
    for i in $(cat /root/maquinas.txt)
    do
        /sbin/iptables -A FORWARD -p tcp -s $i -d 0/0 --dport 1863:1864 -j DROP
        /sbin/iptables -A FORWARD -p udp -s $i -d 0/0 --dport 1863:1864 -j DROP
        /sbin/iptables -A FORWARD -p tcp -s $i -d 0/0 --dport 6891:6901 -j DROP
        /sbin/iptables -A FORWARD -p tcp -s $i -d 0/0 --dport 5190 -j DROP
        /sbin/iptables -A FORWARD -s $i -d loginnet.passport.com -j DROP
        # /sbin/iptables -A FORWARD -s $i -m string --string "msn" -j DROP
        # /sbin/iptables -A FORWARD -s $i -m string --string "Msn" -j DROP
        # /sbin/iptables -A FORWARD -s $i -m string --string "MSN" -j DROP
        echo "$i travada para msn."
    done
    ;;
stop)
    for i in $(cat /root/maquinas.txt)
    do
        echo -n "Liberando msn..."
        /sbin/iptables -D FORWARD -p tcp -s $i -d 0/0 --dport 1863:1864 -j DROP
        /sbin/iptables -D FORWARD -p udp -s $i -d 0/0 --dport 1863:1864 -j DROP
        /sbin/iptables -D FORWARD -p tcp -s $i -d 0/0 --dport 6891:6901 -j DROP
        /sbin/iptables -D FORWARD -p tcp -s $i -d 0/0 --dport 5190 -j DROP
        /sbin/iptables -D FORWARD -s $i -d loginnet.passport.com -j DROP
        # /sbin/iptables -D FORWARD -s $i -m string --string "msn" -j DROP
        # /sbin/iptables -D FORWARD -s $i -m string --string "Msn" -j DROP
        # /sbin/iptables -D FORWARD -s $i -m string --string "MSN" -j DROP
        echo "feito."
    done
    ;;
esac
The table that the rules refer to is not specified. In this case it is the filter table. On every line, before the chain (INPUT, FORWARD...), you have to insert the table, for example:

/sbin/iptables -t filter -A FORWARD -p tcp -s $i -d 0/0 --dport 1863:1864 -j DROP
Jose Valdir Gama wrote:
-- Sumare- SP jgamasystem - Linux a toda Prova
CentOS-pt-br mailing list CentOS-pt-br@centos.org http://lists.centos.org/mailman/listinfo/centos-pt-br
discuss-pt-br@lists.centos.org
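
The "Bad rule" message in the output above is what `iptables -D` prints when no identical rule is present in the chain. As an added example (not part of the thread or the poster's script), a start/stop helper that checks each rule with `iptables -C` before appending or deleting it; it assumes an iptables version that supports `-C`, and `IPT`, `HOSTS_FILE`, `msn_specs` and `msn_rules` are hypothetical names.

```bash
#!/bin/bash
# Added example, not the poster's script. IPT, HOSTS_FILE, msn_specs and
# msn_rules are hypothetical names. Assumes iptables supports -C (check).
IPT="${IPT:-/sbin/iptables}"
HOSTS_FILE="${HOSTS_FILE:-/root/maquinas.txt}"

# Port rules from the thread's script for one source address ($1).
# The loginnet.passport.com rule is left out: iptables resolves a host
# name when the command runs, so -A and -D may not see the same address.
msn_specs() {
    cat <<EOF
-p tcp -s $1 -d 0/0 --dport 1863:1864 -j DROP
-p udp -s $1 -d 0/0 --dport 1863:1864 -j DROP
-p tcp -s $1 -d 0/0 --dport 6891:6901 -j DROP
-p tcp -s $1 -d 0/0 --dport 5190 -j DROP
EOF
}

# msn_rules add|del : prints how many rules were actually changed.
#   add: append only when -C reports the rule absent (no duplicates)
#   del: delete only while -C reports it present (no "Bad rule" error)
msn_rules() {
    action=$1
    changed=0
    while read -r host; do
        [ -n "$host" ] || continue
        while read -r spec; do
            # $spec is left unquoted on purpose so it splits into arguments
            if [ "$action" = add ]; then
                $IPT -C FORWARD $spec 2>/dev/null ||
                    { $IPT -A FORWARD $spec && changed=$((changed + 1)); }
            else
                while $IPT -C FORWARD $spec 2>/dev/null; do
                    $IPT -D FORWARD $spec || break
                    changed=$((changed + 1))
                done
            fi
        done <<EOF
$(msn_specs "$host")
EOF
    done < "$HOSTS_FILE"
    echo "$changed"
}

case "${1:-}" in
    start) msn_rules add >/dev/null ;;
    stop)  msn_rules del >/dev/null ;;
esac
```

Running stop before start, or stop twice, then changes nothing and prints no error, and running start twice leaves no duplicate rules behind.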