Linux – IPTABLES command that end with ACCEPT or DROP fail on service firewall restart

centosfirewalliptableslinux

I have a CENTOS Linux VPS.
I have the following in my IPTABLES script to run when my VPN restarts, but I get errors when I do a service firewall restart

I've ran each of the commands below manually and they work.
According to Host Gator in order for the IPTABLES rules to persist I need to place them in the

/etc/firewall/INCLUDE

file, so I inserted the commands in the file, but the commands that end with ACCEPT or DROP give the errors when I execute the service firewall restart command.

Here is my INCLUDE file:

  1 iptables -A INPUT -p tcp -m tcp --dport 3000 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
  2 iptables -A INPUT -i lo -j ACCEPT
  3 iptables -A OUTPUT -o lo -j ACCEPT
  4 iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
  5 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  6 iptables -A INPUT -p tcp --dport 5622  -m state --state NEW -j ACCEPT
  7 iptables -A INPUT -p tcp --dport 80  -m state --state NEW -j ACCEPT
  8 iptables -A INPUT -p tcp --dport 4643  -m state --state NEW -j ACCEPT
  9 iptables -A INPUT -p tcp --dport 22  -m state --state NEW -j ACCEPT
 10 iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
 11 iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
 12 iptables -I INPUT -p tcp --dport 3000 --syn -j ACCEPT
 13 iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3000
 14 iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3000
 15 iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
 16 iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
 17 iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
 18 iptables -A INPUT -j DROP -p ALL

Errors:

Running file /etc/firewall/INCLUDE
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `DROP
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `DROP
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `DROP
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.7: Invalid target name `DROP
Try `iptables -h' or 'iptables --help' for more information.

How do I fix the command so they are accepted on when I restart the firewall?

Best Answer

I think I found the answer already: There are ^M characters after every newline. I believe if I remove them the commands will work. I'm using VIM and if I view them in vim by doing a ':e ++ff=unix' it shows '^M' after every newline.

Related Topic