OSEC

From: JT (killminus9peoplepc.com)
Date: Sat Oct 06 2001 - 15:16:01 CDT


    There are some typos in my first message; this is the corrected version. Sorry about that.

    Create the two following chains and set them as the last rule in the chain

     # create a log drop chain to log and drop packets
     /sbin/iptables -N LOGDROP
     /sbin/iptables -A LOGDROP -j LOG
     /sbin/iptables -A LOGDROP -j DROP
     # Rather than dropping any packets send them to the LOGDROP chain
     
    If your default policy for forwarding and output were to drop and you also wanted to log them, make sure the last rule in each chain is:
     
     /sbin/iptables -A FORWARD -j LOGDROP
     /sbin/iptables -A OUTPUT -j LOGDROP
     
    Another useful thing is to log accepted packets. I use this to log all the SSH SYN packets to my box. This makes it easy to associate logins with IPs for SSH traffic.
     
     /sbin/iptables -N LOGGOOD
     /sbin/iptables -A LOGGOOD -j LOG
     /sbin/iptables -A LOGGOOD -j ACCEPT
     /sbin/iptables -A INPUT -p TCP --syn --dport 22 -j LOGGOOD
     
     
     Thanks
     JT
     
    > On Thu, 04 October 2001, Lance wrote:
    >
    > >
    > > What are some simple methods to log packets, both filtered and
    > > unfiltered with iptables?
    > >
    > > I've defined log chains at the end of my firewall script but nothing
    > > comes up in the logs.
    > >
    > > Any reference or information would be helpful.
    > >
    > > Lance
    > > RHCE student
    >
    > "I was cured all right." YHN
    > ________________________________________________
    > PeoplePC: It's for people. And it's just smart.
    > http://www.peoplepc.com

    "I was cured all right." YHN
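
The LOGGOOD idea above (tying SSH logins to source IPs), as an added example that is not part of the original post: a shell filter that extracts the timestamp and source address of each new inbound SSH connection attempt from kernel LOG-target lines. The sample log lines are constructed and the function names are made up for illustration; because the rules in the post set no log prefix, the filter keys on packet fields, so it also ignores LOGDROP entries and the quoted inner header of ICMP errors.

```shell
#!/bin/sh
# Constructed sample of kernel LOG-target lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Oct  6 15:10:01 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4411 DF PROTO=TCP SPT=40122 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 15:10:09 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=812 DF PROTO=TCP SPT=51200 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 15:10:40 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=90 DF PROTO=TCP SPT=33001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 15:11:02 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=92 TOS=0x00 PREC=0x00 TTL=54 ID=4420 DF PROTO=TCP SPT=40122 DPT=22 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Oct  6 15:11:30 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4502 DF PROTO=TCP SPT=40188 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 15:12:02 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.50 DST=198.51.100.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=60 ID=901 PROTO=ICMP TYPE=3 CODE=1 [SRC=198.51.100.1 DST=192.0.2.77 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=77 DF PROTO=TCP SPT=40555 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 ]
EOF
}

# Print "Mon DD HH:MM:SS SRC" for every logged TCP SYN (no ACK) to port 22.
ssh_syn_events() {
    awk '
    {
        src = ""; proto = ""; dpt = ""; syn = 0; ack = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\[/) break              # inner header quoted by an ICMP error
            if ($i ~ /^SRC=/)        src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            else if ($i == "SYN")    syn = 1
            else if ($i == "ACK")    ack = 1
        }
        if (proto == "TCP" && dpt == "22" && syn && !ack)
            print $1, $2, $3, src
    }'
}

# Summarise events as "count SRC", busiest source first.
ssh_syn_counts() {
    awk '{ c[$4]++ } END { for (s in c) print c[s], s }' | sort -k1,1nr -k2,2
}

sample_log | ssh_syn_events
```

The timestamps printed here are what you line up against the sshd authentication log entries for the same period.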