Re: help needed with firewall logging ..please
suhail, 2004-Feb-09 15:15 -0800:
> Hello,
> I need to know how can a firewall be tested against a SYN Flooder. I
> have the SYN flooder program and also configured my firewall. My
> IPtables script against the SYN packets is the usual :
>
> > $IPTABLES -N syn-flood
> > $IPTABLES -A syn-flood -m limit --limit 50/s --limit-burst 104 -j RETURN
One way is to add a line here like the following:
$IPTABLES -A syn-flood -j LOG --log-prefix "SYN-flood: "
This will log each packet before the next rule, which drops it. The
logging will go to syslog with the above prefix prepended.
> > $IPTABLES -A syn-flood -j DROP
> > $IPTABLES -A OUTPUT -p tcp --syn -j syn-flood
>
> Now how do I actually find out if the packets are being dropped,
> i.e. where should I check my system log files to see the dropped packets
> ... I mean which file is it and under which dir ..
The logging done as shown above goes to syslog. I use syslog-ng and
filter the firewall log messages into a separate file.
> And.. where should I add the LOG prefix in the chains?
> Please help me out as I desperately need to know this. Help truly appreciated.
The prefix is shown above.
jc
--
Jeff Coppock Systems Engineer
Diggin' Debian Admin and User
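
Added example, not part of the original message: a small shell helper that answers "are the packets being dropped?" by counting log lines carrying the "SYN-flood: " prefix and grouping them by destination and port. The sample log lines, host name and addresses are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: kernel lines in the format the netfilter LOG target
# writes, with the "SYN-flood: " prefix from the rule in the message above.
# Addresses are documentation ranges; IN= is empty because the rule is
# attached to the OUTPUT chain.
sample_log() {
cat <<'EOF'
Feb  9 15:20:01 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  9 15:20:01 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  9 15:20:02 fw sshd[812]: Accepted publickey for admin from 192.0.2.20 port 51000 ssh2
Feb  9 15:20:02 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4713 DF PROTO=TCP SPT=40003 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  9 15:20:02 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4714 DF PROTO=TCP SPT=40004 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

PREFIX="SYN-flood: "

# Total number of packets that reached the LOG rule (and so the DROP after it).
count_syn_drops() {
  awk -v p="$PREFIX" 'index($0, p) { n++ } END { print n + 0 }'
}

# Per-destination summary: "<count> <DST>:<DPT>", highest count first.
summarize_syn_drops() {
  awk -v p="$PREFIX" '
    index($0, p) {
      dst = "?"; dpt = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^DST=/)      dst = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      count[dst ":" dpt]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample.
echo "logged-then-dropped SYNs: $(sample_log | count_syn_drops)"
sample_log | summarize_syn_drops
```

On a real system, pipe in whichever file your syslog configuration writes kernel messages to instead of `sample_log`.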