IPTABLES / FIREWALLD wrong spelling command

chdeep
Posts: 2
Joined: 2020/07/23 06:14:30

IPTABLES / FIREWALLD wrong spelling command

Post by chdeep » 2020/07/23 06:27:01

Hi!
Unfortunately I speak and write English very badly.
When I tried to set up a VPN (OpenVPN) server on CentOS 7, I wrote one bad command in the firewall rules:

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.10.1.0/24 -o $SERVERIP -j MASQUARADE

(not MASQUERADE :( )

and when I tried the next step I got an error:

$ sudo firewall-cmd --reload
Error: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: Bad argument `MASQUARADE'
Error occurred at line: 4
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

I tried rebooting and flushing iptables, but the error is still there. How can I remove this bad line?

jlehtone
Posts: 2921
Joined: 2007/12/11 08:17:33
Location: Finland

Re: IPTABLES / FIREWALLD wrong spelling command

Post by jlehtone » 2020/07/23 12:29:28

man firewall-cmd wrote:
[--permanent] --direct --remove-passthrough { ipv4 | ipv6 | eb } args
Remove a passthrough rule with the arguments args for the ipv value.

Therefore,

Code:

firewall-cmd --permanent --direct --remove-passthrough ipv4 -t nat -A POSTROUTING -s 10.10.1.0/24 -o $SERVERIP -j MASQUARADE

However, I would first check what you actually have, with:

Code:

firewall-cmd --permanent --direct --get-all-passthroughs

pjsr2
Posts: 483
Joined: 2014/03/27 20:11:07

Re: IPTABLES / FIREWALLD wrong spelling command

Post by pjsr2 » 2020/07/23 15:24:25

Firewall-cmd stores the permanent rules in XML files under the /etc/firewalld directory.
You can use the commands suggested above by jlehtone to remove the bad rule.

If that does not work, as a last resort, you can edit the file and change the spelling error.
To find the file that has the spelling mistake:

Code:

grep -r -l MASQUARADE /etc/firewalld
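
The file check described in the post above, generalised as an added example that is not part of the original thread: instead of grepping for one known misspelling, it reads a direct.xml and prints the removal command for every passthrough rule whose -j target is not recognised. The target list, the function names and the sample file contents (eth0, tun0, VPN_IN) are assumptions constructed for illustration.

```shell
# Added example, not from the thread: flag passthrough rules with unknown -j targets.

# Assumption: a short, non-exhaustive list of common iptables targets.
KNOWN_TARGETS="ACCEPT DROP REJECT RETURN LOG MASQUERADE SNAT DNAT REDIRECT MARK"

# Print "ipv args" for each <passthrough> element (firewalld writes one per line).
list_passthroughs() {
    sed -n 's:.*<passthrough ipv="\([^"]*\)">\(.*\)</passthrough>.*:\1 \2:p' "$1"
}

# Print the names of custom chains declared with <chain .../> elements.
custom_chains() {
    sed -n 's:.*<chain [^>]*chain="\([^"]*\)".*:\1:p' "$1"
}

# Print the word that follows -j or --jump in a rule's argument string.
jump_target() {
    prev=
    for word in $1; do
        case $prev in -j|--jump) printf '%s\n' "$word"; return 0 ;; esac
        prev=$word
    done
    return 1
}

# Print one removal command per passthrough rule with an unrecognised target.
suspect_passthroughs() {
    valid="$KNOWN_TARGETS $(custom_chains "$1" | tr '\n' ' ')"
    list_passthroughs "$1" | while read -r ipv args; do
        target=$(jump_target "$args") || continue
        case " $valid " in *" $target "*) continue ;; esac
        printf 'firewall-cmd --permanent --direct --remove-passthrough %s %s\n' "$ipv" "$args"
    done
}

# Constructed sample; on a real host the file is /etc/firewalld/direct.xml.
write_sample() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <chain ipv="ipv4" table="filter" chain="VPN_IN"/>
  <passthrough ipv="ipv4">-t nat -A POSTROUTING -s 10.10.1.0/24 -o eth0 -j MASQUARADE</passthrough>
  <passthrough ipv="ipv4">-A FORWARD -i tun0 -j VPN_IN</passthrough>
  <passthrough ipv="ipv4">-A FORWARD -o tun0 -j ACCEPT</passthrough>
</direct>
EOF
}

sample=$(mktemp) && write_sample "$sample" && suspect_passthroughs "$sample"; rm -f "$sample"
```

A target missing from the list is only a hint to review the rule, since the list is not exhaustive; run the printed command followed by `firewall-cmd --reload` only after confirming the rule is wrong.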

chdeep
Posts: 2
Joined: 2020/07/23 06:14:30

Re: IPTABLES / FIREWALLD wrong spelling command

Post by chdeep » 2020/07/27 09:50:26

jlehtone wrote: 2020/07/23 12:29:28
man firewall-cmd wrote:
[--permanent] --direct --remove-passthrough { ipv4 | ipv6 | eb } args
Remove a passthrough rule with the arguments args for the ipv value.

Therefore,

Code:

firewall-cmd --permanent --direct --remove-passthrough ipv4 -t nat -A POSTROUTING -s 10.10.1.0/24 -o $SERVERIP -j MASQUARADE

However, I would first check what you actually have, with:

Code:

firewall-cmd --permanent --direct --get-all-passthroughs

Thank you! It worked for me! I don't know how to tag this as SOLVED?!

Solution:
FIRST check the actual rules with this command:

Code:

sudo firewall-cmd --permanent --direct --get-all-passthroughs

SECOND delete the wrong line with this:

Code:

$ sudo firewall-cmd --permanent --direct --remove-passthrough ipv4 -t nat -A POSTROUTING -s 10.10.0.0/24 -o $SERVERIP -j MASQUARADE

Thank you!
