Howto add 2 output iptables rules?

Christopher K. Johnson ckjohnson at gwi.net
Wed May 24 16:26:26 UTC 2006


Patrick wrote:
> Hi all,
>
> I would like to set some tos bits for Asterisk/VoIP on my FC5 box. These
> are the rules I would like to add to /etc/sysconfig/iptables:
>
> -A RH-Firewall-1-OUTPUT -t mangle -p udp -m udp --dport 5060 -j DSCP
> --set-dscp 0x28
>
> -A RH-Firewall-1-OUTPUT -t mangle -p udp -m udp --sport 10000:20000 -j
> DSCP --set-dscp 0x28 
>
> If I add these rules at the end just before "COMMIT" and do #service
> iptables restart I see the following error message:
>
> Applying iptables firewall rules: iptables-restore v1.3.5: Line 20 seems
> to have a -t table option.
>
> Error occurred at line: 20
>
> Anyone know how I can add these rules?
>
> Thanks and regards,
> Patrick
>
>   
Because there are no OUTPUT rules by default, just a policy of ACCEPT, 
this should fix your error.  I cannot vouch for what you are trying to 
do with those rules being successful, only that there is no need for 
adding them to a non-existent RH-Firewall-1-OUTPUT chain.

# The existing rules and the existing COMMIT after rules in the *filter
# table (shown in the next line)
COMMIT
# new lines follow
*mangle
-A OUTPUT -p udp -m udp --dport 5060 -j DSCP --set-dscp 0x28
-A OUTPUT -p udp -m udp --sport 10000:20000 -j DSCP --set-dscp 0x28
COMMIT

Chris

-- 
   "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
   Chris Johnson, RHCE #804005699817957
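
An added example (not part of the original message): a small Python check that flags the two problems in this thread, a -t option inside a rules file and a rule appended to a chain that the current *table section never declares. The built-in chain sets and the sample files are assumptions constructed for illustration.

```python
import shlex

# Built-in chains per table (assumed sets; only user-defined chains need a ":NAME" line).
BUILTIN = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "nat": {"PREROUTING", "OUTPUT", "POSTROUTING"},
}

def lint_rules(text):
    """Return (line_number, message) pairs for problems in an iptables-restore file."""
    problems, table, chains = [], None, set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # "*mangle" opens a table section
            table, chains = line[1:], set(BUILTIN.get(line[1:], ()))
        elif line == "COMMIT":              # closes the current table section
            table = None
        elif line.startswith(":"):          # ":CHAIN POLICY [pkts:bytes]" declares a chain
            chains.add(line[1:].split()[0])
        else:
            tokens = shlex.split(line)
            if table is None:
                problems.append((n, "rule is outside any *table section"))
            if "-t" in tokens or "--table" in tokens:
                problems.append((n, "-t not allowed in a rules file; use a *table header"))
            if "-A" in tokens[:-1]:
                chain = tokens[tokens.index("-A") + 1]
                if table and chain not in chains:
                    problems.append((n, f"chain {chain} is not declared in *{table}"))
    return problems

# Constructed sample files, modelled on the thread (not the poster's real config).
FILTER = """*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
"""
RULE = "-p udp -m udp --dport 5060 -j DSCP --set-dscp 0x28\n"
BROKEN = FILTER + "-A RH-Firewall-1-OUTPUT -t mangle " + RULE + "COMMIT\n"
FIXED = FILTER + "COMMIT\n*mangle\n-A OUTPUT " + RULE + "COMMIT\n"

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_rules(text))
```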



