Hi,
I have the following script in my /usr/local/sbin/post-firewall:
Code:
1: #!/bin/sh
2:
3: ## Set default policy
4: iptables -P INPUT DROP
5:
6: ## Removes last default rule
7: iptables -D INPUT -j DROP
8:
9: ## Deny access to ftp from WAN
10: iptables -D INPUT -p tcp -m tcp -d "$2" --dport 21 -j ACCEPT
11:
12: ## Allow access to ssh from WAN
13: iptables -A INPUT -p tcp --syn --dport 22 -j brute_force
14:
15: ## Block ssh brute force attacks
16: iptables -N brute_force
17: iptables -F brute_force
18: iptables -A brute_force -m state --state NEW -m recent --name attack --set
19: iptables -A brute_force -m recent --name attack --rcheck --seconds 60 --hitcount 4 -m limit --limit 1/minute --limit-burst 1 -j LOG --log-prefix 'SSH brute force attack '
20: iptables -A brute_force -m recent --name attack --rcheck --seconds 60 --hitcount 4 -j DROP
21: iptables -A brute_force -j ACCEPT
When I run it manually I get the following errors:
--- 7 ---
iptables: Bad rule (does a matching rule exist in that chain?)
--- 10 ---
iptables v1.2.7a: host/network `' not found
Try `iptables -h' or 'iptables --help' for more information.
--- 16 ---
iptables: Chain already exists
--- 18 ---
iptables: No chain/target/match by that name
--- 19 ---
iptables: No chain/target/match by that name
--- 20 ---
iptables: No chain/target/match by that name
Line 10 is OK because I don't give any arguments to post-firewall, and 16 because the chain already exists because of previous attempts.
But I can't understand the errors in lines 7, 18, 19 and 20, especially number 7. Could someone please help me out?
Thank you.
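The following is an added example, not the poster's script and not a reply from the thread. It keeps the same intent (INPUT policy DROP, SSH guarded by a rate-limiting chain, the FTP rule keyed on post-firewall's second argument) but orders the steps so that each iptables call has something to act on: `-P` sets a chain policy rather than adding a rule, so there is nothing for a later `-D INPUT -j DROP` to delete; the `brute_force` chain is created, flushed and filled before anything in INPUT jumps to it (in the script above line 13 jumps to a chain that only exists at line 16, which is masked only because the chain survived earlier runs); the FTP delete is skipped when the address argument is empty instead of passing `-d ''`; and "No chain/target/match by that name" is what iptables prints when a rule names a match, target or chain it cannot load, and the three failing rules above all share `-m recent`, so the example probes for that match and reports a failure instead of leaving a half-built chain. The chain name, ports and the `$IPT` override hook are illustrative assumptions, not values from the page.

```shell
#!/bin/sh
# Added example, not the poster's /usr/local/sbin/post-firewall. Assumed
# values: chain name "brute_force", ports 21/22, and the $IPT hook that lets
# a dry run or a test substitute a recording command for iptables.

# Command that applies rules; IPT=echo ./post-firewall prints them instead.
IPT="${IPT:-iptables}"

# Probe for a match extension such as "recent". This only proves the
# userspace extension loads; a missing kernel module still surfaces when the
# first rule using it is appended, so rule insertion is checked as well.
have_match() {
    "$IPT" -m "$1" -h >/dev/null 2>&1
}

# Build the brute_force chain completely before anything jumps to it.
# Returns 1 if any rule cannot be added, so INPUT never references a
# half-built chain.
setup_ssh_guard() {
    # -N fails harmlessly when the chain is left over from an earlier run;
    # -F then empties it so the same rules are not appended twice.
    "$IPT" -N brute_force 2>/dev/null
    "$IPT" -F brute_force || return 1
    "$IPT" -A brute_force -m state --state NEW -m recent --name attack --set || return 1
    "$IPT" -A brute_force -m recent --name attack --rcheck --seconds 60 --hitcount 4 \
        -m limit --limit 1/minute --limit-burst 1 \
        -j LOG --log-prefix 'SSH brute force attack ' || return 1
    "$IPT" -A brute_force -m recent --name attack --rcheck --seconds 60 --hitcount 4 -j DROP || return 1
    "$IPT" -A brute_force -j ACCEPT || return 1
    # Only now is it safe to reference the chain from INPUT.
    "$IPT" -A INPUT -p tcp --syn --dport 22 -j brute_force
}

# Remove the FTP ACCEPT rule for the WAN address, if one was supplied.
# Calling iptables with -d '' is what produced "host/network `' not found".
drop_wan_ftp_accept() {
    wan_ip="$1"
    if [ -z "$wan_ip" ]; then
        echo "no WAN address given, skipping FTP rule" >&2
        return 0
    fi
    "$IPT" -D INPUT -p tcp -m tcp -d "$wan_ip" --dport 21 -j ACCEPT
}

apply_policy() {
    # -P sets the chain policy; it is not a rule in the chain, so there is
    # nothing to delete afterwards with -D.
    "$IPT" -P INPUT DROP || return 1
    # A missing FTP rule is not fatal; report it and carry on.
    drop_wan_ftp_accept "$1" || echo "no FTP ACCEPT rule to remove" >&2
    if ! have_match recent; then
        echo "iptables 'recent' match not available; SSH guard not installed" >&2
        return 1
    fi
    setup_ssh_guard
}

# Apply for real only when a usable iptables is on PATH. With IPT overridden
# (dry run or test) the functions are driven by the caller instead.
if [ "$IPT" != iptables ] || command -v iptables >/dev/null 2>&1; then
    apply_policy "$2"
fi
```

Running `IPT=echo sh post-firewall "" 1.2.3.4` prints the commands in the order they would be applied without touching the live ruleset, which is a cheap way to check ordering before installing a script that the firewall framework runs unattended.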