I  ran into an odd issue today – my firewall build script was failing on our account master node.

It turns out that I was trying to use a chain name in iptables that exceeded the maximum length allowed. I wanted to use "REMOTE_ACCOUNT_SLAV ES_ASHEVILLE" (31 chars) and the limit is 30 chars.

You can see this in /usr/include/linux/netfilter_ipv4/ip_tables.h and /usr/include/linux/netfilter/x_tables.h:

/usr/include/linux/netfilter_ipv4/ip_tables.h
22:#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN

/usr/include/linux/netfilter/x_tables.h
4:#define XT_FUNCTION_MAXNAMELEN 30

This was on CentOS 5.6.