Re: help - log iptables

To: Bjoern Meier <bjoern.meier@googlemail.com>
Cc: "Flavio A. Reis" <reis.falexandre@gmail.com>, debian-firewall@lists.debian.org
Subject: Re: help - log iptables
From: Remzi AKYÜZ <linuxliste@gmail.com>
Date: Fri, 01 Apr 2011 16:53:12 +0300
Message-id: <[🔎] 4D95D8C8.9090104@gmail.com>
In-reply-to: <[🔎] AANLkTinuz0QCMx2FMJH+2LCadnWC_dn2QG+gtbLsXU7B@mail.gmail.com>
References: <[🔎] AANLkTi=-Eytjse=83DrqGhE2MsQiJGjdCu0weoaNpjJ_@mail.gmail.com> <[🔎] AANLkTinuz0QCMx2FMJH+2LCadnWC_dn2QG+gtbLsXU7B@mail.gmail.com>

example;

iptables -A INPUT -j allow
iptables -A INPUT -j LOG --log-prefix="Dropped :"

iptables -N allow

iptables -A allow -p tcp -m multiport --dports http,https,domain -mconntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A allow -p udp --dport 63

iptables -P INPUT DROP


you see log via dmesg or syslog.


On 04/01/2011 04:06 PM, Bjoern Meier wrote:

hi,

2011/4/1 Flavio A. Reis<reis.falexandre@gmail.com>:

Hello,
friends, you can log into all that iptables is being blocked without logging
rules ACCEPT.
Example:
My Firewall has only opened the ports (80, 443, 53).
You can log all other connection attempts?
Thanks
att

sure.
- Set Default Policy for INPUT to DROP
- Create Rule for ACCEPT 80,443,53
- Append logging Rule (if the packets end here, it will be dropped);
maybe with Prefix "DROP:"
- change logrotate rules (you will get a lot of log entries).

Greetings,
Björn

Reply to:

Follow-Ups:
- Re: help - log iptables
  - From: "Flavio A. Reis" <reis.falexandre@gmail.com>

References:
- help - log iptables
  - From: "Flavio A. Reis" <reis.falexandre@gmail.com>
- Re: help - log iptables
  - From: Bjoern Meier <bjoern.meier@googlemail.com>

Prev by Date: Re: help - log iptables
Next by Date: Re: help - log iptables
Previous by thread: Re: help - log iptables
Next by thread: Re: help - log iptables
Index(es):
- Date
- Thread