Hello everyone, i am new to the forums and to the world of linux.
I've been trying to learn iptables, and came up with the following rules, and i am wondering if they seem okay, is there anything out of place/not needed, and would appreciate some insights.
I am using NAT to share the internet between my windows pc in house.
The code is right here:
Code:
# Generated by iptables-save v1.4.0 on Mon Jul 21 22:32:43 2008
*nat
:PREROUTING ACCEPT [8745:413359]
:POSTROUTING ACCEPT [153:9795]
:OUTPUT ACCEPT [153:9795]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Jul 21 22:32:43 2008
# Generated by iptables-save v1.4.0 on Mon Jul 21 22:32:43 2008
*filter
:INPUT DROP [4371:217374]
:FORWARD ACCEPT [8:420]
:OUTPUT ACCEPT [1768:165707]
:FIREWALL - [0:0]
:fw-interfaces - [0:0]
:fw-open - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG --log-prefix "Firewall: "
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -j FIREWALL
-A INPUT -j FIREWALL
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FIREWALL -m limit --limit 10/min -j LOG --log-prefix "Firewall: "
-A FIREWALL -j DROP
COMMIT
# Completed on Mon Jul 21 22:32:43 2008
# Generated by iptables-save v1.4.0 on Mon Jul 21 22:32:43 2008
*mangle
:PREROUTING ACCEPT [10544:1041845]
:INPUT ACCEPT [10389:1009007]
:FORWARD ACCEPT [155:32838]
:OUTPUT ACCEPT [1768:165707]
:POSTROUTING ACCEPT [1923:198545]
COMMIT
# Completed on Mon Jul 21 22:32:43 2008
I am not sure if the line "-A INPUT -j LOG --log-prefix "Firewall: " " is correct or not or if its needed (logging works fine but i think its due to my FIREWALL chain)
Also how would i be able to log to a certain file instead of messages.log
I looked around and found that this would be enable logging to a certain file, but it doesnt seem to work. (I am using ArchLinux btw)
Code:
#
# /etc/syslog-ng.conf
#
options {
sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames(off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
perm(0640);
group("log");
};
source src {
unix-stream("/dev/log");
internal();
file("/proc/kmsg");
};
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog.log"); };
destination cron { file("/var/log/crond.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kernel { file("/var/log/kernel.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
destination mail { file("/var/log/mail.log"); };
destination news { file("/var/log/news.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination debug { file("/var/log/debug.log"); };
destination messages { file("/var/log/messages.log"); };
destination errors { file("/var/log/errors.log"); };
destination everything { file("/var/log/everything.log"); };
destination iptables { file("/var/log/iptables.log"); };
destination acpid { file("/var/log/acpid.log"); };
destination console { usertty("root"); };
# Log everything to vc12
destination console_all { file("/dev/vc/12"); };
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { program(syslog-ng); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kernel { facility(kern) and not match("IPT"); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };
filter f_news { facility(news); };
filter f_ppp { facility(local2); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not match("IPT"); };
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err) and not match("IPT"); };
filter f_iptables { match("IPT"); };
filter f_acpid { match("acpid"); };
log { source(src); filter(f_acpid); destination(acpid); flags(final); };
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kernel); destination(kernel); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_news); destination(news); };
log { source(src); filter(f_ppp); destination(ppp); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };
#log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_err); destination(errors); };
log { source(src); filter(f_emergency); destination(console); };
log { source(src); filter(f_everything); destination(everything); };
log { source(src); filter(f_iptables); destination(iptables); };
# Log everything to vc12
#log { source(src); destination(console_all); };
Any help or insight would be much appreciated.