LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 06-20-2004, 11:20 PM   #1
blindgren
LQ Newbie
 
Registered: Jun 2004
Distribution: Debian Testing
Posts: 13

Rep: Reputation: 0
Logging Deny/Reject packets


I am using Shorewall for my firewall. As it sits it is logging Accept packets fine to /var/log/messages. Does anyone have any info on how to log Deny/Reject packets to /var/log/messages as well?
 
Old 06-21-2004, 08:09 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Add a LOG rule the same as the DROP rule just before each DROP rule,eg
iptables -A FORWARD -i eth1 -p tcp --dport 22 -s ! 80.80.80.81 -j LOG --log-prefix "ssh_drop "
iptables -A FORWARD -i eth1 -p tcp --dport 22 -s ! 80.80.80.81 -j DROP

If you have a DROP policy, add a simple -j LOG rule as the last rule in those chains, eg
iptables -A INPUT -j LOG --log=prefix "policy_drop "

In Shorewall, make a duplicate of the DROP rule, change it to LOG and insert it before the DROP rule,
 
Old 06-21-2004, 08:39 AM   #3
blindgren
LQ Newbie
 
Registered: Jun 2004
Distribution: Debian Testing
Posts: 13

Original Poster
Rep: Reputation: 0
Thanks. I was thinking about doing that but figured there was a way to accomplish that the same as the Accept packets (I didn't have to add the log Accept, it did that automatically). I will give it a try tonight. Thanks again.
 
Old 06-21-2004, 10:15 PM   #4
blindgren
LQ Newbie
 
Registered: Jun 2004
Distribution: Debian Testing
Posts: 13

Original Poster
Rep: Reputation: 0
Peter,

Your post pointed me in the right direction.

Under /etc/shorewall/rules to log packets for any rule you add the syslog level after the "action" for a rule.

Example:
DROP:info loc net tcp - 135,137:139,445 - - -
DROP:info loc net udp - 135,137:139,445,593 - - -

Drop the packet and log to syslog at the info level. I think there are 6 different levels depending on what kind of infformation you want.

Thanks again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
why my kernel is not logging the packets ilnli Linux - General 4 01-23-2005 01:11 PM
logging incoming packets ip address b123coder Linux - Networking 1 11-18-2004 02:17 PM
Logging Packets Ampex Linux - Security 1 02-26-2004 07:02 PM
Logging\Filtering Packets Through a Gateway ASP Linux - Software 2 10-21-2003 10:11 PM
DENY ICMP Packets joseph Linux - Software 1 10-08-2003 10:03 PM


All times are GMT -5. The time now is 09:32 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration