I ran into an odd issue today – my firewall build script was failing on our account master node.

It turns out that I was trying to use a chain name in iptables that exceeded the maximum length allowed. I wanted to use "REMOTE_ACCOUNT_SLAVES_ASHEVILLE" (31 chars) and the limit is 30 chars.

You can see this in /usr/include/linux/netfilter_ipv4/ip_tables.h and /usr/include/linux/netfilter/x_tables.h:

/usr/include/linux/netfilter_ipv4/ip_tables.h
22:#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN

/usr/include/linux/netfilter/x_tables.h
4:#define XT_FUNCTION_MAXNAMELEN 30

This was on CentOS 5.6.
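
A pre-flight check for a firewall build script, as an added example that is not part of the original post: it collects every chain name the rules would create and flags the ones that are too long before iptables sees them. The function names and sample rules are constructed for illustration, and MAXLEN defaults to the 30 from the header quoted above (an assumption; override it if your header says otherwise).

```shell
#!/bin/sh
# Added example: check chain-name lengths before loading firewall rules.
# MAXLEN defaults to the XT_FUNCTION_MAXNAMELEN value quoted in the post (assumption).
MAXLEN="${MAXLEN:-30}"

# chain_name_ok NAME -> returns 0 if NAME is non-empty and fits within MAXLEN.
chain_name_ok() {
    [ -n "$1" ] && [ "${#1}" -le "$MAXLEN" ]
}

# list_chains: read rules on stdin, print each chain name being created.
# Handles "iptables -N NAME", "--new-chain NAME" and iptables-save ":NAME ..." lines.
list_chains() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^:/       { print substr($1, 2); next } # iptables-save chain declaration
        {
            for (i = 1; i < NF; i++)
                if ($i == "-N" || $i == "--new-chain") print $(i + 1)
        }'
}

# check_rules: read rules on stdin, report over-long names, return 1 if any found.
check_rules() {
    rc=0
    for name in $(list_chains | sort -u); do
        if ! chain_name_ok "$name"; then
            echo "chain name too long (${#name} > $MAXLEN): $name"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: one over-long name, one shortened name, one save-format line.
SAMPLE_RULES='
# constructed sample rules
iptables -N REMOTE_ACCOUNT_SLAVES_ASHEVILLE
iptables -N REMOTE_ACCT_SLAVES_ASHEVILLE
iptables -A INPUT -j REMOTE_ACCT_SLAVES_ASHEVILLE
:LOCAL_ADMIN - [0:0]
'

# Stand-alone run: report problems in the sample without aborting the shell.
printf '%s\n' "$SAMPLE_RULES" | check_rules || echo "fix the names above before loading"
```

In a real build script, pipe the generated rules through check_rules and stop the build when it returns non-zero, so a half-applied ruleset never reaches the node.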
