Syntax error running iptables?

John Davidson jwd_ods@hotmail.com
Mon, 30 Jul 2001 20:10:33 -0400


Jason Brooks stated a problem with:

>iptables v1.2.2: Couldn't load target `int-ext':/usr/local/lib/\
>iptables/libipt_int-ext.so: cannot open shared object file: No \
>such file or directory

>Try `iptables -h' or 'iptables --help' for more information.


You need to create the targets before you use them

Try these changes (no critique on content, just making requested
corrections)

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -N int-ext
iptables -N int-os
iptables -N ext-int
iptables -N ext-os
iptables -N os-ext
iptables -N os-int

iptables -A FORWARD -i eth0 -o eth1 -j int-ext
iptables -A FORWARD -i eth1 -o eth0 -j ext-int
iptables -A INPUT   -i eth0         -j int-os
iptables -A INPUT   -i eth1         -j ext-os
iptables -A OUTPUT  -o eth0         -j os-int
iptables -A OUTPUT  -o eth1         -j os-ext

# internal to external network
# default policy: allow all outgoing connections
iptables -A int-ext -j ACCEPT
iptables -A int-ext -j DROP

# internal to Local process
# default policy: allow all internal to local process
iptables -A int-os -j ACCEPT
iptables -A int-os -j DROP

# external to internal network
# default: allow only related responses to outbound initiated
# packets
iptables -A ext-int -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A ext-int -j DROP

# external to local process
# default:
#       Allow inbound to sshd port
#       allow only related responses to outbound initiated
#       packets
iptables -A ext-os -p tcp --destination-port 22 -j ACCEPT
iptables -A ext-os -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A ext-os -j DROP


# Local process to external hosts
# default: allow all
iptables -A os-ext -j ACCEPT
iptables -A os-ext -j DROP

# Local process to internal hosts
# default: allow all
iptables -A os-int -j ACCEPT
iptables -A os-int -j DROP


John Davidson
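The ordering point John makes is easy to check before a script ever touches a live firewall. The following is an added example, not part of the thread and not Jason's or John's script: a pure-text lint that reads an iptables script and reports every user-defined chain that is referenced, either as a `-j` target or as the chain after `-A`/`-I`/`-D`, before the `iptables -N` line that creates it. An unknown `-j` target is what makes iptables look for a target extension `libipt_<name>.so`, which is exactly the error quoted above. The two sample rulesets it lints are constructed for the demo (modelled on the failing and the corrected ordering), and the list of extension targets is an assumed common subset, not an exhaustive one.

```shell
#!/bin/sh
# Added example (not from the original thread): lint an iptables script so that
# every user-defined chain is created with "iptables -N" before it is referenced.
# It never runs iptables itself, so it is safe to use on any machine.

BUILTIN_CHAINS="INPUT OUTPUT FORWARD PREROUTING POSTROUTING"
BUILTIN_TARGETS="ACCEPT DROP QUEUE RETURN"
# Target extensions that genuinely live in libipt_*.so (assumed subset, not exhaustive).
EXTENSION_TARGETS="LOG REJECT MASQUERADE SNAT DNAT REDIRECT MARK TOS"

in_list() {                      # in_list WORD "SPACE SEPARATED LIST"
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

# lint_ruleset FILE
# Prints one diagnostic per problem; the return value is the number of
# problems found (0 means every chain is created before it is used).
lint_ruleset() {
    file=$1; created=""; problems=0; lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in '#'*|'') continue ;; esac   # skip comments and blank lines
        set -- $line                                 # split the command into words
        newchain=""; usedchain=""; target=""
        while [ $# -gt 0 ]; do
            case "$1" in
                -N|--new-chain)                       newchain=$2;  shift ;;
                -A|-I|-D|--append|--insert|--delete)  usedchain=$2; shift ;;
                -j|--jump)                            target=$2;    shift ;;
            esac
            shift
        done
        # A rule appended to a chain that does not exist yet fails too.
        if [ -n "$usedchain" ] && ! in_list "$usedchain" "$BUILTIN_CHAINS" \
                               && ! in_list "$usedchain" "$created"; then
            echo "line $lineno: chain '$usedchain' used before 'iptables -N $usedchain'"
            problems=$((problems + 1))
        fi
        # An unknown -j target is looked up as a shared-object extension.
        if [ -n "$target" ] && ! in_list "$target" "$BUILTIN_TARGETS" \
                            && ! in_list "$target" "$EXTENSION_TARGETS" \
                            && ! in_list "$target" "$created"; then
            echo "line $lineno: target '$target' used before 'iptables -N $target' (iptables would look for libipt_$target.so)"
            problems=$((problems + 1))
        fi
        [ -n "$newchain" ] && created="$created $newchain"
    done < "$file"
    return $problems
}

# Constructed sample: chains are jumped to before they are created.
write_wrong_order_sample() {
    cat > "$1" <<'EOF'
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth1 -j int-ext
iptables -A FORWARD -i eth1 -o eth0 -j ext-int
iptables -N int-ext
iptables -N ext-int
iptables -A int-ext -j ACCEPT
iptables -A ext-int -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample: same rules with the -N lines moved first.
write_fixed_sample() {
    cat > "$1" <<'EOF'
iptables -P FORWARD DROP
iptables -N int-ext
iptables -N ext-int
iptables -A FORWARD -i eth0 -o eth1 -j int-ext
iptables -A FORWARD -i eth1 -o eth0 -j ext-int
iptables -A int-ext -j ACCEPT
iptables -A ext-int -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Demo on the two constructed rulesets.
bad=$(mktemp); good=$(mktemp)
write_wrong_order_sample "$bad"; write_fixed_sample "$good"
echo "== chains referenced before creation =="
lint_ruleset "$bad" || echo "-> $? problem(s)"
echo "== fixed ordering =="
lint_ruleset "$good" && echo "-> clean"
rm -f "$bad" "$good"
```

Run it as `sh lint.sh` to see the two diagnostics for the wrong-order sample and a clean result for the fixed one; to lint your own script, call `lint_ruleset /path/to/firewall.sh` and check the exit status. The lint deliberately treats a reference to a not-yet-created chain in `-A` the same way as in `-j`, because both fail on a live system, just with a different message.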