Re: logging iptables
Hi, and thanks. I did look at the man pages, but I am completely new to
firewalls, so I got more confused than I was before. A little extra: when
I use LOG I can check out the messages using syslog or dmesg. Is there
a way I can filter this LOG information into its own log file in /var/log?
thanks
> Hi,
>
> As from the man:
>
> LOG:
> This is a "non-terminating target",
> i.e. rule traversal continues at the next rule. So if you
> want to LOG the packets you refuse, use two separate rules
> with the same matching criteria, first using target LOG
> then DROP (or REJECT).
>
> So, simply insert a rule which matches the traffic you accept, before you accept
> it.
>
> A word of advice: you accept any packet with destination port matching your services.
> You should only accept the --state NEW packets; -s 0/0 is useless; using -m limit
> is quite useful too; and finally, if you want to have stats on a per-protocol
> basis, you should use a separate line for each proto and use the counters
> associated with each rule.
>
>
> iptables -P INPUT DROP
> iptables -A INPUT -p tcp -m multiport -m state --state NEW --dport 22,25,110,113 -i eth0 -m limit -j LOG --log-prefix "ACCEPTED:"
> iptables -A INPUT -p tcp -m state --state NEW --dport 22 -i eth0 -j ACCEPT
> iptables -A INPUT -p tcp -m multiport -m state --state NEW --dport 25 -i eth0 -j ACCEPT
> ..
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m limit -j LOG --log-prefix "DROPED"
>
>
> Hope that helps,
>
> JeF
>
___
Mvh./Yours sincerely
Lars
========================================================================
Lars Roland Kristiansen | Email: m00lrk@math.ku.dk
Stu. Sci. Math/Computer science | TLF(home): 39670663
Copenhagen University - | Home address: Emdrupvej 175
Institute for Mathematical Sciences | C/O Rune Bruhn 2400 Copenhagen NV
Url: www.math.ku.dk |
========================================================================
"Politics is for the moment, equations are forever"
- Albert Einstein
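
Added example, not part of the original thread: one way to split LOG output into its own files by matching the two `--log-prefix` strings from the quoted ruleset, then count accepted connections per destination port. The function names, output file names and the abbreviated sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: abbreviated kernel LOG lines as the quoted ruleset would
# emit them. The kernel appends "IN=" directly to the --log-prefix string, so
# "ACCEPTED:" yields "ACCEPTED:IN=..." and "DROPED" yields "DROPEDIN=...".
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 12:00:01 fw kernel: ACCEPTED:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=51514 DPT=22
Jan 10 12:00:02 fw kernel: ACCEPTED:IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP SPT=40022 DPT=25
Jan 10 12:00:03 fw kernel: DROPEDIN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 PROTO=TCP SPT=33100 DPT=23
Jan 10 12:00:04 fw kernel: eth0: link up
Jan 10 12:00:05 fw kernel: ACCEPTED:IN=eth0 OUT= SRC=192.0.2.13 DST=198.51.100.5 PROTO=TCP SPT=51999 DPT=22
Jan 10 12:00:06 fw kernel: DROPEDIN=eth0 OUT= SRC=192.0.2.14 DST=198.51.100.5 PROTO=UDP SPT=137 DPT=137
EOF
}

# split_iptables_log INFILE OUTDIR
# Writes LOG lines to OUTDIR/accepted.log and OUTDIR/dropped.log by prefix and
# prints a one-line summary: "accepted=N dropped=M other=K".
split_iptables_log() {
    infile=$1 outdir=$2
    mkdir -p "$outdir" || return 1
    : > "$outdir/accepted.log"   # create/truncate so both files always exist
    : > "$outdir/dropped.log"
    awk -v acc="$outdir/accepted.log" -v drp="$outdir/dropped.log" '
        # Match prefix plus the IN= field, so unrelated kernel messages that
        # merely contain the word are not misfiled.
        index($0, "ACCEPTED:IN=") { print > acc; a++; next }
        index($0, "DROPEDIN=")    { print > drp; d++; next }
        { o++ }
        END { printf "accepted=%d dropped=%d other=%d\n", a, d, o }
    ' "$infile"
}

# dpt_counts FILE: print "port count" for each DPT= value seen, sorted by port.
dpt_counts() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^DPT=[0-9]+$/) n[substr($i, 5)]++ }
         END { for (p in n) print p, n[p] }' "$1" | sort -n
}

# Demo run on the constructed sample.
tmp=$(mktemp -d)
write_sample_log "$tmp/kern.log"
split_iptables_log "$tmp/kern.log" "$tmp/out"
dpt_counts "$tmp/out/accepted.log"
```

A trailing space in the prefix (for example `--log-prefix "DROPED "`) keeps the prefix from running into `IN=`; the match strings above would then need the same space.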