#261 Script generated for iptables should use weekdays option

open
nobody
5
2014-03-15
2013-10-11
Mark van Leeuwen
No

I have defined policies using days and hours defined with Time objects.

When I attempt to install the compiled script on my destination server, the following error occurs:

iptables v1.4.7: unknown option `--days'
Try `iptables -h' or 'iptables --help' for more information.

The script generated by fwbuilder contains lines like:

    $IPTABLES -A INPUT  -m state --state NEW -m time  --timestart 20:00  --timestop 22:05  --days Sun,Mon,Tue,Thu,Sat -j Cid3725X10680.0

According to the man page, the correct option is "weekdays" not "days".

I altered the generated script and changed the option to weekdays and it then executed correctly.

I am using fwbuilder version 5.1.0.3599 on Windows 7. Installer name was fwbuilder-5.1.0.3599.exe.

Destination server is running Centos 6.4 running iptables package version 1.4.7-9.el6.

Discussion

  • I just revisited this issue and discovered that the option --days was supported in earlier versions of iptables.

    Fwbuilder does allow setting the version of iptables (select the firewall and Edit). After setting the version to 1.4.4 or later, fwbuilder correctly generated the script with --weekdays instead.

    Ver 1.4.4 of iptables was released in 2009, so I recommend that this be the default version so others will not be caught out as I was.