Hi All,

Can you please check if you are using arno's script whether you are also getting errors like these on start up?

===========================================
# /etc/init.d/arno-iptables-firewall start
 * Use of the opts variable is deprecated and will be
 * removed in the future.
 * Please use extra_commands, extra_started_commands or extra_stopped_commands.
 * Loading Firewall... ...
Arno's Iptables Firewall Script v1.9.2d
-------------------------------------------------------------------------------
NOTE: External interface ppp0 does NOT exist (yet?)
Sanity checks passed...OK
Checking/probing IPv4 Iptables modules:
Module check done...
Setting the kernel ring buffer to only log panic messages to the console
Setup kernel settings:
Setting the max. amount of simultaneous connections to 16384
Setting default conntrack timeouts
Enabling protection against source routed packets
DISABLING packet forwarding
Enabling reduction of the DoS'ing ability
Enabling anti-spoof with rp_filter
Enabling SYN-flood protection via SYN-cookies
Disabling the logging of martians
Disabling the acception of ICMP-redirect messages
Setting default TTL=64
Disabling ECN (Explicit Congestion Notification)
Enabling kernel support for dynamic IPs
Flushing route table
Kernel setup done...
Initializing firewall chains
Setting default INPUT/FORWARD policy to DROP
(Re)loading list of BLOCKED hosts from /etc/arno-iptables-firewall/blocked-hosts...
0 line(s) read.
0 host(s) blocked.
Using loglevel "info" for syslogd
Setting up firewall rules:
-------------------------------------------------------------------------------
Enabling setting the maximum packet size via MSS
Logging of stealth scans (nmap probes etc.) enabled
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
Logging of packets with bad TCP-flags enabled
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
... [snip ...]
Security is ENFORCED for external interface(s) in the FORWARD chain
(1) iptables: No chain/target/match by that name.
Aug 25 7:59:36 WARNING: Not all firewall rules are applied.
* WARNING: Failed to load Firewall [ !! ]
* ERROR: arno-iptables-firewall failed to start
===========================================
They repeat themselves a number of times, usually after "Logging of packets ..." statements. Despite the "failed to start" message above, iptables seems to have loaded fine:
===========================================
# /sbin/iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target               prot  opt in     out  source     destination
    0     0 BASE_INPUT_CHAIN     all   --  *      *    0.0.0.0/0  0.0.0.0/0
    0     0 INPUT_CHAIN          all   --  *      *    0.0.0.0/0  0.0.0.0/0
    0     0 HOST_BLOCK           all   --  *      *    0.0.0.0/0  0.0.0.0/0
    0     0 SPOOF_CHK            all   --  *      *    0.0.0.0/0  0.0.0.0/0
    0     0 VALID_CHK            all   --  eth0   *    0.0.0.0/0  0.0.0.0/0
    0     0 EXT_INPUT_CHAIN      !icmp --  eth0   *    0.0.0.0/0  0.0.0.0/0  state NEW
    0     0 EXT_INPUT_CHAIN      icmp  --  eth0   *    0.0.0.0/0  0.0.0.0/0  state NEW limit: avg 60/sec burst 100
    0     0 EXT_ICMP_FLOOD_CHAIN icmp  --  eth0   *    0.0.0.0/0  0.0.0.0/0  state NEW
    0     0 VALID_CHK            all   --  wlan0  *    0.0.0.0/0  0.0.0.0/0
    0     0 EXT_INPUT_CHAIN      !icmp --  wlan0  *    0.0.0.0/0  0.0.0.0/0  state NEW
    0     0 EXT_INPUT_CHAIN      icmp  --  wlan0  *    0.0.0.0/0  0.0.0.0/0  state NEW limit: avg 60/sec burst 100
    0     0 EXT_ICMP_FLOOD_CHAIN icmp  --  wlan0  *    0.0.0.0/0  0.0.0.0/0  state NEW
[snip ...]
===========================================
I diff'ed the previous kernel-3.3.8-gentoo and the new kernel-3.4.9-gentoo and I can't see any changes that would cause these errors. I attach it for the more eagle-eyed amongst you.

Any ideas?
--
Regards,
Mick
diff_oldconfig.txt.bz2
Description: application/bzip
signature.asc
Description: This is a digitally signed message part.
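An added example, not part of Mick's post or of Arno's firewall script: a small Python script that reads a start-up log like the one quoted above and attributes each `iptables: No chain/target/match by that name` error to the setup step that printed just before it, so you can see at a glance which features' rules failed to load rather than counting repeated error lines by hand. The sample log embedded in the script is constructed from the lines quoted in the post; the function names are my own.

```python
"""Attribute 'No chain/target/match by that name' errors in an
arno-iptables-firewall start-up log to the setup step that produced them.

Added example; not code from the original post or from Arno's script.
"""
import re

# Constructed sample: a trimmed copy of the start-up output quoted in the post.
SAMPLE_LOG = """\
Setting up firewall rules:
-------------------------------------------------------------------------------
Enabling setting the maximum packet size via MSS
Logging of stealth scans (nmap probes etc.) enabled
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
Logging of packets with bad TCP-flags enabled
(1) iptables: No chain/target/match by that name.
(1) iptables: No chain/target/match by that name.
Security is ENFORCED for external interface(s) in the FORWARD chain
(1) iptables: No chain/target/match by that name.
Aug 25 7:59:36 WARNING: Not all firewall rules are applied.
"""

# iptables prints this when a rule references a match, target or chain that the
# running kernel does not provide (typically a netfilter extension module that
# is not built or not loadable). The "(1)" prefix is the script's own marker.
ERROR_RE = re.compile(r"^\(\d+\)\s+iptables:\s+No chain/target/match by that name\.")
SEPARATOR_RE = re.compile(r"^-{10,}$")


def attribute_errors(log_text):
    """Map each setup step line to the number of iptables errors that followed
    it before the next step line (insertion order = order in the log)."""
    counts = {}
    current_step = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or SEPARATOR_RE.match(line):
            continue  # blank lines and rulers are not steps
        if ERROR_RE.match(line):
            if current_step is not None:
                counts[current_step] += 1
            continue
        # Any other line is the banner of the next setup step.
        current_step = line
        counts.setdefault(current_step, 0)
    return counts


def failed_steps(log_text):
    """Only the steps that had at least one failed iptables invocation."""
    return [(step, n) for step, n in attribute_errors(log_text).items() if n]


def rules_fully_applied(log_text):
    """False when the script itself reported that not all rules were applied."""
    return "WARNING: Not all firewall rules are applied" not in log_text


if __name__ == "__main__":
    for step, n in failed_steps(SAMPLE_LOG):
        print(f"{n} failed rule(s) after: {step}")
    print("all rules applied:", rules_fully_applied(SAMPLE_LOG))
```

Run it against the full captured output (`/etc/init.d/arno-iptables-firewall start 2>&1 | tee fw.log`, then feed `fw.log` to `failed_steps`) and the steps with non-zero counts tell you which rule groups to inspect. Since iptables emits that message when the kernel lacks the match or target a rule asks for, the short list of failing steps is what you would check against the netfilter options in the old and new kernel .config diff.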

