help - log iptables
Flavio A. Reis
2011-04-01 12:58:49 UTC
Hello,
friends, can you log everything that iptables is blocking, without logging the
ACCEPT rules?
Example:
My firewall has only the ports 80, 443 and 53 open.
Can you log all other connection attempts?
Thanks
Regards
--
---------------------------------------------------------------------------
Flávio Alexandre dos Reis
Linux user #481115
Ubuntu user #24388
Phone: 32 9194-9960
Juiz de Fora - MG
Bjoern Meier
2011-04-01 13:06:26 UTC
hi,
Sure.
- Set the default policy for INPUT to DROP.
- Create rules to ACCEPT 80, 443 and 53.
- Append a logging rule (if the packets reach it, they will be dropped),
maybe with the prefix "DROP:".
- Change the logrotate rules (you will get a lot of log entries).

Greetings,
Björn
Remzi AKYÜZ
2011-04-01 13:53:12 UTC
Example:

# the "allow" chain has to exist before INPUT can jump to it
iptables -N allow
iptables -A allow -p tcp -m multiport --dports http,https,domain -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
# DNS over UDP is port 53 (domain), and the rule needs a target
iptables -A allow -p udp --dport 53 -j ACCEPT

iptables -A INPUT -j allow
# anything that is not accepted above is logged and then hits the DROP policy
iptables -A INPUT -j LOG --log-prefix="Dropped :"

iptables -P INPUT DROP


You can see the log via dmesg or syslog.
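The four steps Björn lists and the rules Remzi posted, put together as a script. This is an added example, not code from the thread: it creates the "allow" chain before INPUT jumps to it, gives the UDP rule a target and port 53, rate-limits the LOG rule so a scan cannot flood the log, and adds a small awk summary of the resulting "Dropped:" lines. The IPT variable and the sample log lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread: Bjoern's four steps as a script, with
# the fixes Remzi's rules need (create the chain before jumping to it, ACCEPT on
# the UDP rule, port 53 rather than 63) and a rate limit on the LOG rule so a
# port scan cannot flood the log. IPT is an assumption of this example: it
# defaults to "echo" (dry run, prints the rules); run as root with
# IPT=iptables to apply them.
IPT=${IPT:-echo}

apply_firewall() {
    # Loopback and replies to connections we opened are accepted first.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The "allow" chain must exist before INPUT can jump to it.
    $IPT -N allow
    $IPT -A allow -p tcp -m multiport --dports http,https,domain \
        -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A allow -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -j allow
    # Whatever is still in INPUT will hit the DROP policy: log it with a
    # prefix, at most 5 lines/min (burst 10) so the log stays readable.
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "Dropped: " --log-level 4
    # Default policy last, once the ACCEPT rules are in place.
    $IPT -P INPUT DROP
}

# Count logged drops per protocol and destination port from kernel log lines
# on stdin, e.g.: grep 'Dropped: ' /var/log/kern.log | summarize_drops
summarize_drops() {
    awk '/Dropped: / {
        proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (proto != "") count[proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample lines (not real traffic) in the format the LOG target
# writes to the kernel log.
SAMPLE_LOG='Apr  1 13:53:12 fw kernel: Dropped: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=22 SYN
Apr  1 13:53:13 fw kernel: Dropped: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=22 SYN
Apr  1 13:53:14 fw kernel: Dropped: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=161 LEN=40'

apply_firewall
printf '%s\n' "$SAMPLE_LOG" | summarize_drops
```

For Björn's last step, the prefixed lines can be given their own file with an rsyslog filter on the prefix and a matching logrotate stanza, so kern.log is not swamped.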
Flavio A. Reis
2011-04-01 14:06:26 UTC
Thank you, Remzi.
--
---------------------------------------------------------------------------
Flávio Alexandre dos Reis
Linux user #481115
Ubuntu user #24388
Phone: 32 9194-9960
Juiz de Fora - MG