Hello to the list,

I have an error driving me crazy. I noticed there are no commas in the
script. OR is there a fix for this?

Compiling /etc/shorewall/rules...
ERROR: Couldn't parse /etc/shorewall/SSHKnock: Bad name after SSHKnock' at (eval 6) line 15, <$currentfile> line 39.
   : /etc/shorewall/rules (line 39)
ns5:/var/log/samba # uname -r
2.6.18.8-0.5-default
ns5:/var/log/samba # shorewall version
4.0.2
ns5:/var/log/samba #
------------------------------------------------
I believe the error is in this script: Note I added commas
has the same error?

use Shorewall::Chains;

if ( $level ) {
    log_rule_limit( $level,
                    $chainref,
                    'SSHKnock',
                    'ACCEPT',
                    '',
                    $tag,
                    'add',
                    '-p tcp --dport 22 -m recent --rcheck --name SSH );

    log_rule_limit( $level,
                    $chainref,
                    'SSHKnock,
                    'DROP',
                    '',
                    $tag,
                    'add',
                    '-p tcp --dport ! 22' );
}

add_rule( $chainref, '-p tcp --dport 22 -m recent --rcheck --seconds 60 --name SSH -j ACCEPT' );
add_rule( $chainref, '-p tcp --dport 1599 -m recent --name SSH --remove -j DROP' );
add_rule( $chainref, '-p tcp --dport 1600 -m recent --name SSH --set -j DROP' );
add_rule( $chainref, '-p tcp --dport 1601 -m recent --name SSH --remove -j DROP' );

1;

Thank you,
Mike

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
----- Original Message -----
From: "Mike Lander" <landers@lanlinecomputers.com>
To: "Shorewall" <shorewall-users@lists.sourceforge.net>
Sent: Monday, August 27, 2007 9:50 AM
Subject: [Shorewall-users] Error Parsing SSHKnock with Shorewall Per

: Hello to the list,
: I have an error driving me crazy. I noticed there are no
: commas in the script. OR is there a fix for this?
:
: Compiling /etc/shorewall/rules...
: ERROR: Couldn't parse /etc/shorewall/SSHKnock: Bad name after SSHKnock'
: at (eval 6) line 15, <$currentfile> line 39.
:
: /etc/shorewall/rules (line 39)
: ns5:/var/log/samba # uname -r
: 2.6.18.8-0.5-default
: ns5:/var/log/samba # shorewall version
: 4.0.2
: ns5:/var/log/samba #
: ------------------------------------------------
: I believe the error is in this script: Note I added commas
: has the same error?
: use Shorewall::Chains;
:
: if ( $level ) {
:     log_rule_limit( $level,
:                     $chainref,
:                     'SSHKnock',
:                     'ACCEPT',
:                     '',
:                     $tag,
:                     'add',
:                     '-p tcp --dport 22 -m recent --rcheck --name SSH );
:
:     log_rule_limit( $level,
:                     $chainref,
:                     'SSHKnock,
:                     'DROP',
:                     '',
:                     $tag,
:                     'add',
:                     '-p tcp --dport ! 22' );
: }
:
: add_rule( $chainref, '-p tcp --dport 22 -m recent --rcheck --seconds 60 --name SSH -j ACCEPT' );
: add_rule( $chainref, '-p tcp --dport 1599 -m recent --name SSH --remove -j DROP' );
: add_rule( $chainref, '-p tcp --dport 1600 -m recent --name SSH --set -j DROP' );
: add_rule( $chainref, '-p tcp --dport 1601 -m recent --name SSH --remove -j DROP' );
:
: 1;
: Thank you,
: Mike

Sorry for the double post, my flavor is Open Suse 10.2
On Mon, Aug 27, 2007 at 09:50:19AM -0700, Mike Lander wrote:
> ------------------------------------------------
> I believe the error is in this script: Note I added commas
> has the same error?

Why did you have to add commas? Were there not already commas in the
example in the article? If that is the case, at what URL are you
reading the article?

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
Mike Lander wrote:
> Hello to the list,
> I have an error driving me crazy. I noticed there are no
> commas in the script. OR is there a fix for this?
>
> Compiling /etc/shorewall/rules...
> ERROR: Couldn't parse /etc/shorewall/SSHKnock: Bad name after SSHKnock'
> at (eval 6) line 15, <$currentfile> line 39.
>    : /etc/shorewall/rules (line 39)
> ns5:/var/log/samba # uname -r
> 2.6.18.8-0.5-default
> ns5:/var/log/samba # shorewall version
> 4.0.2
> ns5:/var/log/samba #
> ------------------------------------------------
> I believe the error is in this script: Note I added commas
> has the same error?
> use Shorewall::Chains;
>
> if ( $level ) {
>     log_rule_limit( $level,
>                     $chainref,
>                     'SSHKnock',
>                     'ACCEPT',
>                     '',
>                     $tag,
>                     'add',
>                     '-p tcp --dport 22 -m recent --rcheck --name SSH );
>

The above line is missing a single quote after SSH.

-Tom

--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
Mike Lander wrote:
>
> I thought since the top part of the script had commas after
> 'SSHKnock' then maybe it was an oversight that the bottom part
> of the script did not have commas. Either way it had the same error.
> I was reading http://shorewall.net/PortKnocking.html
>

I believe that http://www1.shorewall.net/PortKnocking.html is now correct.

-Tom

--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
Mike Lander wrote:
> Now getting different trouble
>
> Preparing iptables-restore input...
> Running iptables-restore...
> iptables-restore v1.3.6: Unknown arg `--name'
> Error occurred at line: 131
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>    ERROR: iptables-restore Failed. Input is in
> /var/lib/shorewall/.iptables-restore-input
> Processing /etc/shorewall/stop ...
> /etc/iproute2/rt_tables database restored
> Shorewall-generated routing tables and routing rules removed
> IP Forwarding Enabled
> Processing /etc/shorewall/stopped ...
> /sbin/shorewall: line 375: 15670 Terminated              ${VARDIR}/.start $debugging start
> ns5:~ #
> ns5:~ #

Mike -- the code at http://www1.shorewall.net/PortKnocking.html works for
me. All I did was copy/paste from the web page.

At any rate, no one here can do anything with the above information. You
have the failing /var/lib/shorewall/.iptables-restore-input file so you
are going to have to be the one to look at it and see what is wrong with
line 131. We can't see it from here.

-Tom

--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
Mike Lander wrote:
> <snip> from /var/lib/shorewall/.iptables-restore-input file
> line 131 is '--name SSH -j ACCEPT' below
>
>
>
> -A Reject -p 6 -m multiport --dports 135,139,445 -j reject
> -A Reject -p 17 --dport 1900 -j DROP
> -A Reject -p 6 -j dropNotSyn
> -A Reject -p 17 --sport 53 -j DROP
> -A SSHKnock -p tcp --dport 22 -m recent --rcheck --seconds 60
> --name SSH -j ACCEPT
> -A SSHKnock -p tcp --dport 1599 -m recent
> --name SSH --remove -j DROP
> -A SSHKnock -p tcp --dport 1600 -m recent
> --name SSH --set -j DROP
> -A SSHKnock -p tcp --dport 1601 -m recent
>

You have extra newline characters in your source. Each '-A' command should
be on a single line. Attached is the correct /etc/shorewall/SSHKnock

-Tom

--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
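A check for the two failure modes diagnosed in this thread (a line of the action file with an unbalanced single quote, and a `-A` rule split across lines in the iptables-restore input), as an added example that is not part of the thread or of Shorewall; the sample inputs are constructed to mimic the broken files, and the function names are chosen here:

```shell
#!/usr/bin/env bash
# Added example, not part of the thread or of Shorewall: a lint for the two
# failure modes seen above. Sample inputs are constructed to mimic them.
# Lines of a Shorewall action file with an odd number of single quotes, the
# shape of the "Bad name after SSHKnock'" error. Offending lines go to
# stderr, the count to stdout. (A Perl string spanning lines would also be
# flagged; an action file like SSHKnock should not need one.)
count_odd_quote_lines() {
    local n=0 bad=0 line q
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        q=$(printf '%s' "$line" | tr -cd "'" | wc -c)
        if [ $((q % 2)) -eq 1 ]; then
            printf 'line %d: unbalanced quote: %s\n' "$n" "$line" >&2
            bad=$((bad + 1))
        fi
    done
    echo "$bad"
}
# Lines of iptables-restore input that are not a complete command: anything
# other than blank, '#', '*table', ':CHAIN ...', '-A ...' (any one-letter
# option) or COMMIT is the tail of a rule broken by a newline, the shape of
# the "Unknown arg `--name'" error at line 131.
count_rule_fragments() {
    local n=0 bad=0 line
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*|'*'*|':'*|COMMIT|-[A-Z]' '*) ;;
            *) printf 'line %d: rule fragment: %s\n' "$n" "$line" >&2
               bad=$((bad + 1)) ;;
        esac
    done
    echo "$bad"
}
SAMPLE_ACTION=$(cat <<'EOF'
use Shorewall::Chains;
log_rule_limit( $level, $chainref, 'SSHKnock', 'ACCEPT', '', $tag, 'add', '-p tcp --dport 22 -m recent --rcheck --name SSH );
log_rule_limit( $level, $chainref, 'SSHKnock, 'DROP', '', $tag, 'add', '-p tcp --dport ! 22' );
add_rule( $chainref, '-p tcp --dport 1600 -m recent --name SSH --set -j DROP' );
EOF
)
SAMPLE_RESTORE=$(cat <<'EOF'
*filter
-A SSHKnock -p tcp --dport 22 -m recent --rcheck --seconds 60
--name SSH -j ACCEPT
-A SSHKnock -p tcp --dport 1599 -m recent
--name SSH --remove -j DROP
-A SSHKnock -p tcp --dport 1600 -m recent --name SSH --set -j DROP
COMMIT
EOF
)
printf '%s\n' "$SAMPLE_ACTION"  | count_odd_quote_lines   # 2
printf '%s\n' "$SAMPLE_RESTORE" | count_rule_fragments    # 2
```

Pointing the two functions at /etc/shorewall/SSHKnock and /var/lib/shorewall/.iptables-restore-input reports the offending line numbers before shorewall is started.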
----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
Sent: Monday, August 27, 2007 3:14 PM
Subject: Re: [Shorewall-users] Error Parsing SSHKnock with Shorewall Per

Mike Lander wrote:
> <snip> from /var/lib/shorewall/.iptables-restore-input file
> line 131 is '--name SSH -j ACCEPT' below
>
>
>
> -A Reject -p 6 -m multiport --dports 135,139,445 -j reject
> -A Reject -p 17 --dport 1900 -j DROP
> -A Reject -p 6 -j dropNotSyn
> -A Reject -p 17 --sport 53 -j DROP
> -A SSHKnock -p tcp --dport 22 -m recent --rcheck --seconds 60
> --name SSH -j ACCEPT
> -A SSHKnock -p tcp --dport 1599 -m recent
> --name SSH --remove -j DROP
> -A SSHKnock -p tcp --dport 1600 -m recent
> --name SSH --set -j DROP
> -A SSHKnock -p tcp --dport 1601 -m recent
>

You have extra newline characters in your source. Each '-A' command should
be on a single line. Attached is the correct /etc/shorewall/SSHKnock

-Tom

--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key

--------------------------------------------------------------------------------
use Shorewall::Chains;

if ( $level ) {
    log_rule_limit( $level,
                    $chainref,
                    'SSHKnock',
                    'ACCEPT',
                    '',
                    $tag,
                    'add',
                    '-p tcp --dport 22 -m recent --rcheck --name SSH' );

    log_rule_limit( $level,
                    $chainref,
                    'SSHKnock',
                    'DROP',
                    '',
                    $tag,
                    'add',
                    '-p tcp --dport ! 22' );
}

add_rule( $chainref, '-p tcp --dport 22 -m recent --rcheck --seconds 60 --name SSH -j ACCEPT' );
add_rule( $chainref, '-p tcp --dport 1599 -m recent --name SSH --remove -j DROP' );
add_rule( $chainref, '-p tcp --dport 1600 -m recent --name SSH --set -j DROP' );
add_rule( $chainref, '-p tcp --dport 1601 -m recent --name SSH --remove -j DROP' );

1;
--------------------------------------------------------------------------------

That did it Tom,
Thank you,
Mike