LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   outputting firewall messages to a file instead if stdout (http://www.linuxquestions.org/questions/linux-networking-3/outputting-firewall-messages-to-a-file-instead-if-stdout-197591/)

schatoor 06-25-2004 09:21 AM

outputting firewall messages to a file instead if stdout
 
Hi, I just setuped my firewall. Installed iptables, recompiled my kernel and build additional modules... you know the workes. The good news is the firewall actually workes, but it outputs messages directly to my console fludding it and thus rendering it effectivelly useless. Not good!!!
Here is the script I use to get my firewall up and running on every boot:

Code:

#!/bin/sh

# Begin $rc_base/init.d/firewall


case "$1" in
  start)
    echo "starting firewall..."

    # Insert connection-tracking modules (not needed if built into the
    # kernel).
    modprobe ip_tables
    modprobe iptable_filter
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe ipt_state
    modprobe ipt_LOG

    # allow local-only connections
    /usr/sbin/iptables -A INPUT  -i lo -j ACCEPT
    # free output on any interface to any ip for any service (equal to -P
    # ACCEPT)
    /usr/sbin/iptables -A OUTPUT -j ACCEPT

    # permit answers on already established connections
    # and permit new connections related to established ones (eg active-ftp)
    /usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Log everything else:  What's Windows' latest exploitable
    # vulnerability?
    /usr/sbin/iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "

    # set a sane policy:    everything not accepted > /dev/null
    /usr/sbin/iptables -P INPUT    DROP
    /usr/sbin/iptables -P FORWARD  DROP
    /usr/sbin/iptables -P OUTPUT  DROP

    # be verbose on dynamic ip-addresses    (not needed in case of static
    # IP)
    echo 2 > /proc/sys/net/ipv4/ip_dynaddr

    # disable ExplicitCongestionNotification - too many routers are still
    # ignorant
    echo 0 > /proc/sys/net/ipv4/tcp_ecn
    ;;
  stop)
    echo "stopping firewall..."

    # deactivate IP-Forwarding
    echo 0 > /proc/sys/net/ipv4/ip_forward

    /usr/sbin/iptables -Z
    /usr/sbin/iptables -F
    /usr/sbin/iptables -X
    /usr/sbin/iptables -P INPUT      ACCEPT
    /usr/sbin/iptables -P FORWARD    ACCEPT
    /usr/sbin/iptables -P OUTPUT      ACCEPT

    #unload the modules

    rmmod iptable_filter
    rmmod ipt_state
    rmmod ipt_LOG
    rmmod ip_tables
    rmmod ip_conntrack_ftp
    rmmod ip_conntrack
    ;;
  restart)
    $0 stop
    /bin/sleep 1
    $0 start
    ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac

I wrote this my self, with much help from the linux from scratch book. How should I change this so that the firewall output is redirected to a file insted of the standard output???

Any help is appriciated, thanks.

ppuru 06-25-2004 11:24 AM

edit /etc/syslog.conf

kern.* /var/log/kernellog

and add kern.none to the /var/log/messages line.

hazza 06-25-2004 11:40 AM

Another way to prevent the firewall log output being displayed on your console is to use add "--log-level info" to you log rules.

e.g.

/usr/sbin/iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT " --log-level info


All times are GMT -5. The time now is 02:25 AM.