Re: logging iptables

To: Jean-Francois Dive <jef@linuxbe.org>
Cc: Debian-security@lists.debian.org
Subject: Re: logging iptables
From: Lars Roland Kristiansen <m00lrk@math.ku.dk>
Date: Mon, 22 Apr 2002 11:24:34 +0200 (MET DST)
Message-id: <[🔎] Pine.OSF.4.21.0204221121120.86-100000@gram.math.ku.dk>
In-reply-to: <[🔎] 20020421221445.GA494@gnoll.homeip.net>

Hi and thanks i did look at the man pages but i am completly new to
firewalls so i got more confused than i was before. A little extra - when
i use LOG i can tjek out the messeges using syslog or dmesg - is there
a way i can filter this LOG information into its own log file in /var/log 
?????


thanks

> Hi,
> 
> As from the man:
> 
> LOG:
> 	This is a "non-terminating target",
>        i.e. rule traversal continues at the next rule.  So if you
>        want to LOG the packets you refuse, use two separate rules
>        with  the  same matching criterias, first using target LOG
>        then DROP (or REJECT).
> 
> So, simply insert a rule which match the traffic you accept, before you accept
> it.
> 
> An advice: you accpt any packet with destination port matching your services.
> You should only accpet the --state NEW packets; -s 0/0 is useless, use -m limit
> is quite usefull too, and finally, if you want to have stats on a per protocol
> basis, you should use a separate line for each proto and use the counters
> associated with each rule. 
> 
> 
> iptables -P INPUT DROP
> iptables -A INPUT -p tcp -m multiport -m state --state NEW --dport 22,25,110,113 -i eth0 -m limit -j LOG --log-prefix "ACCEPTED:"
> iptables -A INPUT -p tcp -m state --state NEW --dport 22 -i eth0 -j ACCEPT
> iptables -A INPUT -p tcp -m multiport -m state --state NEW --dport 25 -i eth0 -j ACCEPT
> ..
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m limit -j LOG --log-prefix "DROPED"
> 
> 
> Hope that help,
> 
> JeF
> 

___
Mvh./Yours sincerely

Lars 

========================================================================
Lars Roland Kristiansen             | Email:        m00lrk@math.ku.dk 
Stu. Sci. Math/Computer science     | TLF(home):    39670663 
Copenhagen University -             | Home address: Emdrupvej 175 
Institute for Mathematical Sciences | C/O Rune Bruhn 2400 Copenhagen NV 
Url: www.math.ku.dk                 |
========================================================================

   "Politics is for the moment, equations are forever"
                                                    - Albert Einstein



-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: logging iptables
  - From: Berend De Schouwer <bds@jhb.ucs.co.za>
- Re: logging iptables
  - From: Davy Gigan <dgigan@etu.info.unicaen.fr>

References:
- Re: logging iptables
  - From: Jean-Francois Dive <jef@linuxbe.org>

Prev by Date: Re: Many Virtual Hosts security problem with PHP
Next by Date: passwd by WWW
Previous by thread: Re: logging iptables
Next by thread: Re: logging iptables
Index(es):
- Date
- Thread