iptables error message

[mpplf2003]

I have tried out replacing the ipchains firewall on a Red Hat machine with an iptables script - I made up the script to go into /etc/sysconfig following an example I read - when I re-booted the machine, when it got to the firewall point I got a message

I get "Applying IPTables Firewall Rules" but also then get a message 'bad argument echo try iptables-restore -h or iptables-restore --help'

As far as I know this means there is an error in the loader script in /etc/rc.d/inet.d which is what was put there at install - I did find one echo line that I thought should have the -n argument after it, but the only change when I edited the file was that the error message then only took up one line in the boot script instead of wrapping as previously.

Anyone know of what the error may refer to exactly? The script in question has 'iptables-restore -c' in it, I cannot see from the man file what would be wrong with that.

Michael.

[Dolda2000]

It seems that the script tries to pass "echo" to iptables-restore. What's the entire line that invokes iptables-restore?

[mpplf2003]

The relevant line/s I believe is/are:

echo $"Applying iptables firewall rules"
grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/iptables-restore -c $$ \
success $"Applying iptables firewall rules" || \
failure $"Applying iptables firewall rules"
echo
touch /var/lock/subys/iptables

(I added '-n' after the first echo to try it, the above is the original).

I notice that the second expression after the second grep uses ' whereas te first uses ".

I have not studied bash enough yet to be very aware about such scripts

Michael.

[Dolda2000]

That yields no immediate explanation. Let's skip some steps in the troubleshooting chain and go directly on this: Add the following line after the initial #!/bin/sh:

Code:

trap 'echo $LINENO' DEBUG

That way you'll find out at what line to look, since it will print the current line number before every command is executed.

[mpplf2003]

I am late replying to your message - I seem to have missed the notification or something.

this is the result of adding the line you suggest to the iptables file in init.d:

39
Flushing all current rules and user defined chains [OK]
Clearing all current rules and user defined chains [OK]
Applying iptables firewall rules: Bad Argument 'echo' [OK]
Try 'iptables-restore -h' or 'iptables-restore --help' for more information [FAILED]
175

Michael

[Dolda2000]

But that's impossible! You should get more line number messages.
Anyway, what RedHat version are you using?

[mpplf2003]

yes - it does show the line numbers before 39 too, but no messages with the line numbers then the message lines after the 39 then the 175 which is about the last line in the file!

The only apparent error messaging is the one to do with the echo, and then the iptables-restore bit.

The version of Red Hat is release 7.3 (Valhalla).

Michael.