Erro na sintax [RESOLVIDO]

1. Erro na sintax [RESOLVIDO]

victor.p
(usa Ubuntu)

Enviado em 18/06/2013 - 16:54h

Boa tarde,

Estou querendo bloquear o facebook via https aqui na empresa, estou usado o IPcop 2.0.3, então aqui um script (aqui na VOL) e fui testar ele, porém esse fica dando um erro.

Erro:
iptables: Chain already exists.
iptables v1.4.12.2: option "--dst-range" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 7: 66.220.144.0-66.220.159.255: command not found
iptables v1.4.12.2: option "--dst-range" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 9: 69.63.176.0-69.63.191.255: command not found
iptables v1.4.12.2: option "--dst-range" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 11: 204.15.20.0-204.15.23.255: command not found
iptables v1.4.12.2: option "--dst-range" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 66.220.144.0-66.220.159.255: command not found
iptables v1.4.12.2: option "--dst-range" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 69.63.176.0-69.63.191.255: command not found
iptables v1.4.12.2: option "--dst-range" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 17: 204.15.20.0-204.15.23.255: command not found

Script:

#!/bin/bash

FACEBOOK_ALLOW="192.168.1.12 192.168.1.14 192.168.1.111"
iptables -N FACEBOOK

iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range
66.220.144.0-66.220.159.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range
69.63.176.0-69.63.191.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range
204.15.20.0-204.15.23.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range
66.220.144.0-66.220.159.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range
69.63.176.0-69.63.191.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range
204.15.20.0-204.15.23.255 --dport 80 -j FACEBOOK

## FACEBOOK ALLOW
for face in $FACEBOOK_ALLOW; do
iptables -A FACEBOOK -s $face -j ACCEPT
done
iptables -A FACEBOOK -j REJECT

Alguém pode me ajudar ?

0 0

Quote

2. Re: Erro na sintax [RESOLVIDO]

Beatrix_Kiddo
(usa Outra)

Enviado em 18/06/2013 - 17:01h

Testa esse. Funciona aqui.

FACEBOOK_IP_RANGE="31.13.01.01-31.13.254.254 74.119.76.0-74.119.79.255 69.63.176.0-69.63.191.255 69.171.224.0-69.171.255.255 66.220.144.0-66.220.159.255 204.15.20.0-204.15.23.255 173.252.64.0-173.252.127.255 173.152.100.1-173.152.110.254 69.171.224.0-69.171.255.255 200.182.35.186-200.182.35.187"
iptables -N FACEBOOK

for face in $FACEBOOK_IP_RANGE; do
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range $face --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range $face --dport 80 -j FACEBOOK
done

FACEBOOK_ALLOW="10.0.0.163 10.0.0.160 10.0.0.158 10.0.0.98 10.0.0.156"

for MSR in $FACEBOOK_ALLOW; do
iptables -I FACEBOOK -s $MSR -j ACCEPT
done
iptables -A FACEBOOK -j REJECT

0 0

Quote

3. Re: Erro na sintax [RESOLVIDO]

victor.p
(usa Ubuntu)

Enviado em 18/06/2013 - 17:08h

kidokb escreveu:

Testa esse. Funciona aqui.

FACEBOOK_IP_RANGE="31.13.01.01-31.13.254.254 74.119.76.0-74.119.79.255 69.63.176.0-69.63.191.255 69.171.224.0-69.171.255.255 66.220.144.0-66.220.159.255 204.15.20.0-204.15.23.255 173.252.64.0-173.252.127.255 173.152.100.1-173.152.110.254 69.171.224.0-69.171.255.255 200.182.35.186-200.182.35.187"
iptables -N FACEBOOK

for face in $FACEBOOK_IP_RANGE; do
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range $face --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range $face --dport 80 -j FACEBOOK
done

FACEBOOK_ALLOW="10.0.0.163 10.0.0.160 10.0.0.158 10.0.0.98 10.0.0.156"

for MSR in $FACEBOOK_ALLOW; do
iptables -I FACEBOOK -s $MSR -j ACCEPT
done
iptables -A FACEBOOK -j REJECT

Deu esse erro:

iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 443: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 80: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 443: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 80: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 443: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 80: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 443: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 80: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 443: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 80: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 443: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 80: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 443: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 80: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 443: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 80: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 443: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 80: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 13: 443: command not found
iptables v1.4.12.2: option "--dport" requires an argument
Try `iptables -h' or 'iptables --help' for more information.
./rc.facebook: line 15: 80: command not found

0 0

Quote

4. Re: Erro na sintax [RESOLVIDO]

phoemur
(usa Debian)

Enviado em 18/06/2013 - 21:13h

tenta assim:

iptables -I FORWARD -m string --algo bm --string "facebook.com" -j DROP

ou assim:

whois -h whois.radb.net '!gAS32934' | sed -e 's/ /\n/g' -e '/^[A-Za-z#]/d' | while read line; do iptables -I FORWARD -d $line -j REJECT; done

0 0

Quote

5. Re: Erro na sintax [RESOLVIDO]

victor.p
(usa Ubuntu)

Enviado em 19/06/2013 - 07:59h

Amigos da VOL, acabei resolvendo o problema e foi pura falta de atenção. O codigo estava assim:

iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range
66.220.144.0-66.220.159.255 --dport 443 -j FACEBOOK

Mais na verdade tinha que ficar assim:

iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 443 -j FACEBOOK

Obrigado pela ajuda de todos :D

0 0

Quote