From: JT (killminus9 peoplepc.com)
Date: Sat Oct 06 2001 - 15:11:56 CDT
Create the two following chains and set them as the last rule in the chain
# create a log drop chain to log and drop packets
/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG
/sbin/iptables -A LOGDROP -j DROP
# Rather than dropping any packets send them to the LOGDROP chain
If your default policy for forwarding and output were to drop and you also wanted to log them, make sure the last rule in each chain is
/sbin/iptables -A FORWARD -j LOGDROP
/sbin/iptables -A OUTPUT -j LOGDROP
Another useful thing is to log accepted packets. I use this to log all the ssh SYN packets to my box. This makes it easy to associate logins with IPs for ssh traffic.
# create a log accept chain to log and accept packets
/sbin/iptables -N LOGGOOD
/sbin/iptables -A LOGGOOD -j LOG
/sbin/iptables -A LOGGOOD -j ACCEPT
/sbin/iptables -A INPUT -p TCP --syn --dport 22 -j LOGGOOD
Thanks
JT
On Thu, 04 October 2001, Lance wrote:
>
> What are some simple methods to log packets, both filtered and
> unfiltered with iptables?
>
> I've defined log chains at the end of my firewall script but nothing
> comes up in the logs.
>
> Any reference or information would be helpful.
>
> Lance
> RHCE student
"I was cured all right." YHN
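As an added example (not part of JT's message): a small Python parser for the kernel lines the LOG target writes, grouping SSH SYN packets by source address so they can be matched against logins. The chains in the message set no --log-prefix, so LOGGOOD and LOGDROP entries look alike and the filter works on the packet fields instead; the sample lines, host name and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the format written by the netfilter LOG target.
SAMPLE_LOG = """\
Oct  6 15:02:11 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4411 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 15:02:40 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=901 DF PROTO=TCP SPT=1029 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
Oct  6 15:40:03 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4520 DF PROTO=TCP SPT=40250 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 16:05:59 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=77 DF PROTO=TCP SPT=33001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 16:07:12 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=950 PROTO=UDP SPT=5353 DPT=22 LEN=20
Oct  6 16:10:00 gw kernel: eth0: link up
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) kernel: (.*)$")

def parse_log_line(line):
    """Return the packet fields of one LOG line, or None for other kernel messages."""
    m = LINE_RE.match(line)
    if not m or "SRC=" not in m.group(3):
        return None
    stamp, host, body = m.groups()
    fields, flags = {}, set()
    for token in body.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value      # KEY=value pairs such as SRC, DPT, PROTO
        else:
            flags.add(token)         # bare tokens: TCP flags (SYN, ACK, DF ...)
    fields.update(stamp=stamp, host=host, flags=flags)
    return fields

def ssh_syns_by_source(log_text, port="22"):
    """Map source IP -> timestamps of initial TCP SYNs to the given port."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        pkt = parse_log_line(line)
        if pkt is None:
            continue
        is_syn = "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]
        if pkt.get("PROTO") == "TCP" and pkt.get("DPT") == port and is_syn:
            seen[pkt["SRC"]].append(pkt["stamp"])
    return dict(seen)

if __name__ == "__main__":
    for src, stamps in ssh_syns_by_source(SAMPLE_LOG).items():
        print(src, len(stamps), stamps)
```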