From: Mark Hobley on 16 Mar 2010 04:08

I am using netfilter/iptables to drop unauthorized traffic from certain
network service ports via the INPUT chain. For example:

    iptables -A MYTABLE -s $addr -j ACCEPT
    iptables -A MYTABLE -j DROP

Packets that do not match entries in MYTABLE are filtered via the DROP.

My question is this ... Is there a way that I can cause a log file entry to
be written for dropped packets (for example, some sort of -j LOGANDDROP)?

Mark.

-- 
Mark Hobley
Linux User: #370818
http://markhobley.yi.org/
From: Pascal Hambourg on 16 Mar 2010 06:07

Hello,

Mark Hobley wrote:
> I am using netfilter/iptables to drop unauthorized traffic from certain
> network service ports via the INPUT chain. For example:
>
>     iptables -A MYTABLE -s $addr -j ACCEPT
>     iptables -A MYTABLE -j DROP
>
> Packets that do not match entries in MYTABLE are filtered via the DROP.
> My question is this ... Is there a way that I can cause a log file entry to
> be written for dropped packets (for example, some sort of -j LOGANDDROP)?

As usual, there are several ways.

- Insert a LOG rule before the DROP:

      iptables -A MYTABLE -j LOG [log options]
      iptables -A MYTABLE -j DROP

- Create a LOGANDDROP user-defined chain and call it instead of DROP:

      iptables -N LOGANDDROP
      iptables -A LOGANDDROP -j LOG [log options]
      iptables -A LOGANDDROP -j DROP
      iptables -A MYTABLE -j LOGANDDROP
From: Greg Russell on 16 Mar 2010 06:07

In news:12q377-ibn.ln1(a)neptune.markhobley.yi.org, Mark Hobley
<markhobley(a)hotpop.donottypethisbit.com> typed:
> I am using netfilter/iptables to drop unauthorized traffic from
> certain network service ports via the INPUT chain. For example:
>
>     iptables -A MYTABLE -s $addr -j ACCEPT
>     iptables -A MYTABLE -j DROP
>
> Packets that do not match entries in MYTABLE are filtered via the
> DROP.
> My question is this ... Is there a way that I can cause a log file
> entry to be written for dropped packets (for example, some sort of
> -j LOGANDDROP)?

Just _before_ you drop the packets, add a rule something like:

    -A MYTABLE -j LOG --log-level 7 --log-prefix UNSOLICITED:

... and in /etc/syslog.conf:

    kern.=debug    -/var/log/dropped_packets

Then:

    /etc/init.d/syslog restart
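The two answers above fit together: Pascal's LOGANDDROP chain is where Greg's LOG rule with --log-level 7 and a --log-prefix belongs. The following script is an added example and not code posted in this thread. It generates that rule set with a rate limit on the LOG rule (the LOG target itself has no limit, so a burst of dropped packets can otherwise fill the disk), and it parses the kernel log lines such a rule produces so the dropped traffic can be summarised per source. The chain name MYTABLE comes from the thread; the prefix "UNSOLICITED: ", the 5/min limit, port 22 and the sample log lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: build a LOGANDDROP chain with a
# rate-limited LOG rule, then parse the resulting netfilter log lines.
# Assumed values: MYTABLE is the chain from the thread; the prefix, the
# limit and the port are illustrative choices.

# Print the iptables commands that build the chains. Nothing is applied by
# this function; review the output and pipe it to sh as root to install it.
build_logdrop_rules() {
    allowed_src="$1"                    # source address to accept
    prefix="${2:-UNSOLICITED: }"        # trailing space keeps log fields apart
    port="${3:-22}"                     # service port the chain protects
    cat <<EOF
iptables -N LOGANDDROP
# -m limit caps how many packets are logged, so a flood of dropped packets
# cannot fill the disk; the DROP below still applies to every packet.
iptables -A LOGANDDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-level 7 --log-prefix "$prefix"
iptables -A LOGANDDROP -j DROP
iptables -N MYTABLE
iptables -A MYTABLE -s $allowed_src -j ACCEPT
iptables -A MYTABLE -j LOGANDDROP
iptables -A INPUT -p tcp --dport $port -j MYTABLE
EOF
}

# Read log lines on stdin, keep those carrying the prefix, and emit one
# tab-separated record per line: SRC DST PROTO DPT ("-" when absent).
parse_drop_log() {
    grep -F "${1:-UNSOLICITED: }" | awk '{
        src = "-"; dst = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC")   src   = kv[2]
            if (kv[1] == "DST")   dst   = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
            if (kv[1] == "DPT")   dpt   = kv[2]
        }
        printf "%s\t%s\t%s\t%s\n", src, dst, proto, dpt
    }'
}

# Count dropped packets per source address, most frequent first.
top_sources() {
    parse_drop_log "$1" | cut -f1 | sort | uniq -c | sort -rn
}

# Constructed sample of what the kernel writes for the LOG rule above
# (documentation addresses; the last line is unrelated kernel output and
# must be ignored by the parser).
SAMPLE_LOG='Mar 16 04:08:12 neptune kernel: UNSOLICITED: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=43210 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 16 04:08:13 neptune kernel: UNSOLICITED: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=43211 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 16 04:08:20 neptune kernel: UNSOLICITED: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=20
Mar 16 04:08:21 neptune kernel: eth0: link is up'

# Stand-alone demonstration: show the generated rules, then summarise the
# constructed log lines.
build_logdrop_rules 192.0.2.10
printf '%s\n' "$SAMPLE_LOG" | top_sources
```

The LOG target writes to the kernel ring buffer, so the lines appear in dmesg and in whatever file syslog routes kern.debug to; Greg's kern.=debug line matches --log-level 7 exactly, which is why the two settings must agree. The parser only keys on the KEY=VALUE fields, so it works unchanged on lines read from /var/log/dropped_packets or from dmesg.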