Dropping and logging
Ulrich Eckhardt
Ulrich.Eckhardt@transcom.de
Tue, 14 Nov 2000 16:46:52 +0100
BOFHen på Admera wrote:
>
> Hi!
>
> I can't seem to get the hang of the logging part. I've in support for
> the LOG target and I want to first log and then drop the packet so I can
> see if anyone tries.
>
> I want to disallow access to anywhere port 6666 (no internal machines
> should be able to connect to a port 6666 anywhere on Internet). I have
> the following rules defined
>
> iptables -A INPUT -p TCP -i eth0 --dport 6666 -j LOG
> iptables -A INPUT -p TCP -i eth0 --dport 6666 -j DROP
>
> First. Isn't it possible to do both at the same rule?
You can create a chain which does this (mostly stolen
from Anthony C. Zboralski's QUICKSTART guide):
iptables -N LDROP
iptables -A LDROP --proto tcp -j LOG --log-level warn \
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level warn \
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level warn \
--log-prefix "ICMP Drop "
iptables -A LDROP -f -j LOG --log-level warn \
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
iptables -A INPUT -p TCP -i eth0 --dport 6666 -j LDROP
> Second. I see the logging with dmesg but I can't seem to configure
> syslogd to output it to a file or tty.
Is klogd running?
Otherwise, man syslogd.conf.
Uli
--
Ulrich Eckhardt Tr@nscom
http://www.uli-eckhardt.de http://www.transcom.de
Lagerstraße 11-15 A8
64807 Dieburg Germany
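An added example (not from the thread above): once the LDROP chain's LOG rules reach syslog via klogd, the point of logging before dropping is to see who keeps trying. This script tallies the kernel log lines the "TCP Drop " / "UDP Drop " / "ICMP Drop " / "FRAG Drop " prefixes produce, by source address, destination port and protocol; the log lines, hostnames and addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of what the LDROP chain's LOG rules (log level warn,
# so facility/priority kern.warning) look like after klogd hands them to
# syslogd. Hostname "fw" and all addresses are made up. The unrelated sshd
# line is there to show that non-firewall lines are ignored.
SAMPLE_LOG='Nov 14 16:46:52 fw kernel: TCP Drop IN=eth0 OUT= SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40123 DPT=6666 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 14 16:46:53 fw kernel: TCP Drop IN=eth0 OUT= SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40124 DPT=6666 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 14 16:47:10 fw kernel: UDP Drop IN=eth0 OUT= SRC=192.168.1.40 DST=198.51.100.9 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=UDP SPT=5555 DPT=6666 LEN=28
Nov 14 16:47:11 fw sshd[123]: Accepted publickey for uli from 192.168.1.2 port 50000'

# To get these lines into their own file instead of only dmesg, the usual
# syslog.conf selector is a line such as (tab-separated):
#   kern.warning<TAB>/var/log/firewall.log
# followed by a reload of syslogd. Check your distribution's syslog.conf(5).

# drop_summary: read syslog lines on stdin, print one line per
# "SRC DPT PROTO" seen in LDROP log entries with the hit count, sorted.
drop_summary() {
    awk '
    / kernel: / && / Drop / {
        src = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "Drop")     proto = $(i - 1)   # word before "Drop" is the prefix
            if ($i ~ /^SRC=/)     src = substr($i, 5)
            if ($i ~ /^DPT=/)     dpt = substr($i, 5)
        }
        if (dpt == "") dpt = "-"                     # ICMP / FRAG lines carry no DPT
        if (src != "" && proto != "") count[src " " dpt " " proto]++
    }
    END { for (k in count) print k, count[k] }
    ' | sort
}

# Usage: feed the real log instead of the sample, e.g.
#   drop_summary < /var/log/firewall.log
printf '%s\n' "$SAMPLE_LOG" | drop_summary
```

Each output line reads "source dport proto count", so a host that repeatedly hits port 6666 stands out even if every packet was silently dropped.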