From: Rob 'Feztaa' Park (fezziker home.com)
Date: Fri Oct 05 2001 - 17:53:30 CDT
On 4 Oct 2001, Lance (dis)graced my inbox with this:
> What are some simple methods to log packets, both filtered and
> unfiltered with iptables?
>
> I've defined log chains at the end of my firewall script but nothing
> comes up in the logs.
>
> Any reference or information would be helpful.
Well, the problem is that all your packets are being matched, and then
accepted or dropped before they get to your log rules, so you are
effectively logging nothing.
What you want to do is move your log rules to the beginning of your
chains.
I suppose there are two ways you could go about doing it. You could just
set up one rule that logs everything, and is the first rule on your list.
This would be the simplest way, but it would also flood your logs with a
bunch of unimportant junk and would just be an overall waste (waste of
time, waste of space, etc etc). If you're going to go this route, you
might as well just run tcpdump for a while instead.
Or, you can duplicate the rules you want to be logged and change the
-j parameter to LOG (be sure to put the LOG rules before their originals,
or it won't work). That way you can clean up your logs a bit by only
logging pertinent information. Here is an example:
iptables -A INPUT -p icmp --icmp-type 8 -j LOG #Log pings to your system
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT #Accept the logged pings
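The same "LOG first, then the terminating rule" pattern written as a small firewall script; this is an added example, not the poster's script, and the IPT dry-run wrapper, the rule set, and the check_log_order helper are assumptions made for illustration. It also rate-limits the LOG rules with the standard "-m limit" match so a flood of matching packets cannot fill the log, and tags each entry with "--log-prefix" so the lines can be found later.

```shell
#!/bin/sh
# Added example (not the poster's script): build INPUT rules so that each LOG
# rule sits immediately before the terminating ACCEPT/DROP rule it documents.
# IPT defaults to "echo" so the rules print as a dry run; set IPT=/sbin/iptables
# to actually apply them.
IPT="${IPT:-echo}"

# log_then CHAIN TARGET PREFIX [match options...]
# Emits a rate-limited LOG rule and then the terminating rule for the same
# match, in that order. LOG is non-terminating, so the packet continues to the
# ACCEPT/DROP rule right after it; swapping the two would log nothing.
log_then() {
    chain="$1"; target="$2"; prefix="$3"; shift 3
    "$IPT" -A "$chain" "$@" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "$prefix"
    "$IPT" -A "$chain" "$@" -j "$target"
}

# The rule set (constructed for this example): default-deny, allow loopback and
# established traffic silently, log pings and new SSH connections that are
# accepted, and log whatever the catch-all drops.
build_rules() {
    "$IPT" -P INPUT DROP
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    log_then INPUT ACCEPT "fw-ping: " -p icmp --icmp-type 8
    log_then INPUT ACCEPT "fw-ssh: "  -p tcp --dport 22 --syn
    log_then INPUT DROP   "fw-drop: "
}

# Dry-run sanity check on the generated rule list: every "-j LOG" line must be
# immediately followed by a terminating ACCEPT/DROP rule. Exit status 0 if so.
check_log_order() {
    build_rules | awk '
        prev_log && $0 !~ /-j (ACCEPT|DROP)/ { bad = 1 }
        { prev_log = ($0 ~ /-j LOG/) }
        END { exit bad ? 1 : 0 }'
}

# Usage: run as-is to print the rules; IPT=/sbin/iptables ./fw.sh to load them.
build_rules
check_log_order && echo "ok: every LOG rule precedes its ACCEPT/DROP rule" >&2
```

The check only reasons about the script's own ordering; once the rules are loaded, "iptables -L INPUT -n -v --line-numbers" shows the live order and the per-rule packet counters, which is the quickest way to confirm the LOG rules are actually being hit.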
-- Rob 'Feztaa' Park fezzikerhome.com -- C for yourself.