Doubt: IPTables logging
Greetings
Inside a chain with default policy DROP, a rule like:

    -A OUTPUT -j LOG --log-prefix "[OUTPUT DROP] : " --log-level 3

in my OUTPUT chain will log all packages that don't match any of my rules. What I'd like to know is: Is there a rule I can add, similar to that one, that will log all ACCEPTED packages? I thought about it and the idea of having to add a LOG rule for each ACCEPT rule really doesn't attract me :P I just know the basics of IPTABLES, so I really could use some help with it. Thanks anyone for the attention =]
dude that was hard to read,
yes you can, say you have a rule like:

    iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

then do this:

    iptables -A OUTPUT -p tcp --dport 22 -j LOG --log-prefix "Output accepted : " --log-level 3
    iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
Guess it really is strange, sorry :D
Well, yeah, for that kind of logging I know, you just add a -j LOG rule before the ACCEPT rule and it will log it. What I'd like to know is: Is there a rule I can add somewhere inside the chain that will log all ACCEPTED packages, even when the policy of that chain is set to DROP?
ahh ok then,
what you could do would be to set up a new chain that only accepts, then modify your accept rules to jump to this chain ..

    iptables -N ACPT
    iptables -A ACPT -j LOG --log-prefix "Accepted : " --log-level 3
    iptables -A ACPT -j ACCEPT

then for your accept rules use:

    iptables -A OUTPUT -p tcp --dport 22 -j ACPT

this will make all the packets you would normally just accept jump to the ACPT chain, this then logs the packet and accepts it. any closer ??
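Putting the two answers together, here is an added example (not code from either poster): a small POSIX sh script that emits the whole OUTPUT ruleset from the thread as an iptables-restore fragment, with the logging ACPT chain in front of every accept and the default-DROP logger at the end, plus a function that tallies the kernel log lines the two LOG rules produce. The loopback, ssh and DNS accept rules, the "[OUTPUT ACCEPT]" prefix and the sample log lines are my own assumptions.

```shell
#!/bin/sh
# Added example: build the ACPT logging chain from the thread as an
# iptables-restore fragment, and summarise the log lines it produces.

# Print an iptables-restore fragment: OUTPUT defaults to DROP, every accept
# rule jumps to ACPT, and ACPT logs with its own prefix before accepting.
# Packets matching no rule fall through to the final LOG rule, then are
# dropped by the chain policy. (Accept rules here are assumed examples.)
accept_log_ruleset() {
    cat <<'EOF'
*filter
:OUTPUT DROP [0:0]
:ACPT - [0:0]
-A ACPT -j LOG --log-prefix "[OUTPUT ACCEPT] : " --log-level 3
-A ACPT -j ACCEPT
-A OUTPUT -o lo -j ACPT
-A OUTPUT -p tcp --dport 22 -j ACPT
-A OUTPUT -p udp --dport 53 -j ACPT
-A OUTPUT -j LOG --log-prefix "[OUTPUT DROP] : " --log-level 3
COMMIT
EOF
}

# Count kernel log lines per prefix. Reads log lines on stdin and prints one
# "<prefix> <count>" line per prefix, sorted, so accepts and drops can be
# compared at a glance.
summarize_log() {
    awk 'match($0, /\[OUTPUT (ACCEPT|DROP)\]/) {
             n[substr($0, RSTART, RLENGTH)]++
         }
         END { for (p in n) print p, n[p] }' | sort
}

# Constructed sample lines in the shape the LOG target writes to the kernel
# log (fields abbreviated; addresses are made up).
SAMPLE_LOG='kernel: [OUTPUT ACCEPT] : IN= OUT=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP DPT=22
kernel: [OUTPUT ACCEPT] : IN= OUT=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=UDP DPT=53
kernel: [OUTPUT DROP] : IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP DPT=25'

# To load for real (as root):  accept_log_ruleset | iptables-restore
accept_log_ruleset
printf '%s\n' "$SAMPLE_LOG" | summarize_log
```

Note that, because ACPT logs before it accepts, every accept rule costs one LOG entry per packet; on a busy host add `-m limit` to the LOG rule in ACPT so the log cannot be flooded.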