On Fri, 2 Mar 2018, Karel Lang AFD wrote:

> Hello guys,
>
> stumbled on weird thing today - wanted to setup some iptables rules based on 
> 'mac address' and iptables failed to start.
>
> cat /etc/redhat-release
> Scientific Linux release 7.4 (Nitrogen)
>
> iptables --version
> iptables v1.4.21
>
> yum list all | grep iptables
> iptables.x86_64                         1.4.21-18.2.el7_4 @sl-fastbugs
> iptables-services.x86_64                1.4.21-18.2.el7_4 @sl-fastbugs
> iptables-utils.x86_64                   1.4.21-18.2.el7_4 @sl-fastbugs
>
>
> what happens:
> after adding simple rule to '/etc/sysconfig/iptables':
> *filter
> -A INPUT -m mac --mac-source 52-54-00-6f-04-51 -j ACCEPT

I spell mac addresses 52:54:00:6f:04:51 - ie with colons not dashes;
case doesn't seem to matter.

> it refuses to start after 'systemctl restart iptables' and the 'journalctl 
> -xe' says:
>
> Error occurred at line: XX and thats' it

On SL6 I sometimes have to load a module to enable a rule;
what is in your /etc/sysconfig/iptables-config
- or whatever equivalent SL7 uses ?


> If i add the same simple rule to the SL 6.9 iptables rules, it works without 
> problem..
>
> Anyone stumled upon this, only thing i can think of is, that it is not 
> compiled in standard kernel ..
>
> Thanks for any input - i tried to lookup things at search engines, but so far 
> no light ..ehh.
>
>
> -- 
> *Karel Lang*
> *Unix/Linux Administration*
> [log in to unmask] | +420 731 13 40 40
> AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz
>