On Mon, 2002-04-22 at 11:24, Lars Roland Kristiansen wrote:
> Hi and thanks. I did look at the man pages but I am completely new to
> firewalls so I got more confused than I was before. A little extra - when
> I use LOG I can check out the messages using syslog or dmesg - is there
> a way I can filter this LOG information into its own log file in /var/log?

As always: more than one way :)

Add '--log-level debug' to iptables, add 'kern.debug /var/log/debug' to
/etc/syslog.conf, killall -HUP syslogd, and look in /var/log/debug. If you
have a line in /etc/syslog.conf that says 'kern.*' or '*.debug' (the
default syslog.conf does), then it will go to those logfiles too.

You could also try installing syslog-ng instead of syslogd, use
'--log-prefix iptables', and set up a syslog filter rule for iptables.
I've never tried this.

> > thanks
>
> > Hi,
> >
> > As from the man:
> >
> > LOG:
> > This is a "non-terminating target",
> > i.e. rule traversal continues at the next rule. So if you
> > want to LOG the packets you refuse, use two separate rules
> > with the same matching criteria, first using target LOG
> > then DROP (or REJECT).
> >
> > So, simply insert a rule which matches the traffic you accept, before you
> > accept it.
> >
> > A piece of advice: you accept any packet with destination port matching
> > your services. You should only accept the --state NEW packets; -s 0/0 is
> > useless, use -m limit is quite useful too, and finally, if you want to
> > have stats on a per protocol basis, you should use a separate line for
> > each proto and use the counters associated with each rule.
> >
> >
> > iptables -P INPUT DROP
> > iptables -A INPUT -p tcp -m multiport -m state --state NEW --dport 22,25,110,113 -i eth0 -m limit -j LOG --log-prefix "ACCEPTED:"
> > iptables -A INPUT -p tcp -m state --state NEW --dport 22 -i eth0 -j ACCEPT
> > iptables -A INPUT -p tcp -m multiport -m state --state NEW --dport 25 -i eth0 -j ACCEPT
> > ..
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A INPUT -m limit -j LOG --log-prefix "DROPED"
> >
> >
> > Hope that helps,
> >
> > JeF
> >
> > ___
> Mvh./Yours sincerely
>
> Lars
>
> ========================================================================
> Lars Roland Kristiansen             | Email: [EMAIL PROTECTED]
> Stu. Sci. Math/Computer science     | TLF(home): 39670663
> Copenhagen University -             | Home address: Emdrupvej 175
> Institute for Mathematical Sciences | C/O Rune Bruhn 2400 Copenhagen NV
> Url: www.math.ku.dk                 |
> ========================================================================
>
> "Politics is for the moment, equations are forever"
> - Albert Einstein
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

--
Berend De Schouwer
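The question in this thread is how to get iptables LOG output into its own file rather than mixed into the kernel messages. Below is an added example (not code from the thread or from any of its participants) of the post-processing side of that: a small Python filter that picks iptables LOG lines out of a classic syslog stream by their --log-prefix, parses the KEY=VALUE fields the LOG target emits, and writes each prefix's lines to a separate file, which is what a syslog-ng filter rule would do at logging time. The syslog lines below are constructed, the output file naming is hypothetical, and the two prefixes are the ones from JeF's rules ("ACCEPTED:" and "DROPED"); note that without a trailing space in the prefix the kernel prints it directly against "IN=", which the parser has to allow for.

```python
"""Split iptables LOG lines out of a syslog stream into per-prefix files.

Added example (not from the original thread). It assumes the classic
syslog line layout ``Mon DD HH:MM:SS host kernel: <prefix>IN=... OUT=...``
produced by the LOG target with --log-prefix; all sample lines are constructed.
"""
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Header of a classic syslog line; everything after "kernel: " is the message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: (?P<msg>.*)$"
)
# KEY=VALUE pairs emitted by the LOG target (bare flags such as DF or SYN have no '=').
KV_RE = re.compile(r"(\w+)=(\S*)")

# Prefixes from the rules quoted in the thread. "DROPED" has no trailing space,
# so the kernel prints it as "DROPEDIN=eth0 ..."; the parser strips by length.
LOG_PREFIXES = ["ACCEPTED:", "DROPED"]

# Constructed sample of what /var/log/debug (or kern.*) might contain.
SAMPLE_SYSLOG = [
    "Apr 22 11:30:02 fw kernel: ACCEPTED:IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF "
    "PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Apr 22 11:30:05 fw kernel: DROPEDIN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=40 "
    "TOS=0x00 PREC=0x00 TTL=52 ID=2 PROTO=TCP SPT=44444 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Apr 22 11:30:06 fw kernel: eth0: link is up",
    "Apr 22 11:30:09 fw kernel: DROPEDIN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=28 "
    "TOS=0x00 PREC=0x00 TTL=52 ID=3 PROTO=UDP SPT=5353 DPT=161 LEN=8",
    "Apr 22 11:30:10 fw sshd[2201]: Accepted password for lars from 192.0.2.10 port 51234 ssh2",
]


def parse_iptables_line(line, prefixes):
    """Return a dict for an iptables LOG line carrying one of ``prefixes``,
    or None for anything else (other kernel messages, other facilities)."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    msg = m.group("msg")
    for prefix in prefixes:
        # Require the IN= field so an unrelated message starting with the
        # same letters is not mistaken for a firewall log entry.
        if msg.startswith(prefix) and "IN=" in msg:
            fields = dict(KV_RE.findall(msg[len(prefix):]))
            return {
                "prefix": prefix,
                "timestamp": m.group("ts"),
                "host": m.group("host"),
                "in": fields.get("IN"),
                "src": fields.get("SRC"),
                "dst": fields.get("DST"),
                "proto": fields.get("PROTO"),
                "dpt": fields.get("DPT"),
                "raw": line.rstrip("\n"),
            }
    return None


def split_by_prefix(lines, prefixes):
    """Group parsed LOG entries by prefix; lines without a known prefix are dropped."""
    groups = defaultdict(list)
    for line in lines:
        entry = parse_iptables_line(line, prefixes)
        if entry:
            groups[entry["prefix"]].append(entry)
    return dict(groups)


def write_split_logs(lines, prefixes, outdir):
    """Write each prefix's raw lines to outdir/iptables-<name>.log (a hypothetical
    layout standing in for a syslog-ng destination) and return the paths."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    written = {}
    for prefix, entries in split_by_prefix(lines, prefixes).items():
        name = re.sub(r"[^A-Za-z0-9]+", "", prefix).lower() or "iptables"
        path = outdir / f"iptables-{name}.log"
        path.write_text("".join(e["raw"] + "\n" for e in entries))
        written[prefix] = path
    return written


def demo(outdir=None):
    """Run the splitter over the constructed sample; return line counts per prefix."""
    if outdir is None:
        outdir = tempfile.mkdtemp(prefix="iptables-split-")
    paths = write_split_logs(SAMPLE_SYSLOG, LOG_PREFIXES, outdir)
    return {prefix: path.read_text().count("\n") for prefix, path in paths.items()}


if __name__ == "__main__":
    for prefix, count in demo().items():
        print(f"{prefix!r}: {count} line(s)")
```

Run against a real file with `split_by_prefix(open("/var/log/debug"), [...])`; the parsed entries carry SRC, DST, PROTO and DPT, so the same loop can feed per-port counters like the ones JeF suggests keeping per rule.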