[KLUG Members] ipcop ipchains rules
Bruce Smith
members@kalamazoolinux.org
20 Feb 2002 11:35:00 -0500
> 0 23 * * * /sbin/ipchains -I ethernetout 1 -i eth1 -j DENY
> 0 23 * * * /sbin/ipchains -I ethernetin 1 -i eth1 -j DENY
>
> 0 6 * * * /sbin/ipchains -D ethernetout 1 -i eth1
> 0 6 * * * /sbin/ipchains -D ethernetin 1 -i eth1
>
> When I type the /sbin/ipchains part of the listings in at the command prompt
> I first get the error "ethernetout chain name too long must be 8 characters
> or less"
>
> I change the name to etherout and run the command again and get the error "no
> target by that name".
>
> Any suggestions on what I am doing wrong??
I took a quick look at the chains on my IPCOP box, and I would
*GUESS* that you should use "ipac_in" and "ipac_out" instead of
ethernetin & ethernetout.
It also appears you might be able to use a single ipchains command
using the chain name "ipac_bth" to handle both in & out at once.
I'm not home, so I can't try it now (without locking myself out).
This also assumes you are running version 0.1.1 with the latest update.
--------------------------------------------
Bruce Smith bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan 49093 USA
http://www.armstrong-intl.com/
--------------------------------------------