Doubt: IPTables logging
 

Greetings

Inside a chain with default policy DROP, a rule like:

-A OUTPUT -j LOG --log-prefix "[OUTPUT DROP] : " --log-level 3

in my OUTPUT chain will log all packages that doesn't match any of my rules.

What I'd like to now is:

Is there a rule I can add, similar to that one, that will log all ACCEPTED packages? I thought about it and the idea of having to add a LOG rule for each ACCEPT rule really doesn't attract me :P

I just know the basics of IPTABLES, so I'd really could use some help into it

Thanks anyone for the attention =]

dude that was hard to read,

yes you can, say you have a rule like :

iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

then do this :-

iptables -A OUTPUT -p tcp --dport 22 -j LOG --log-prefix "Output accepted : " --log-level 3
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

Guess it really is strange, sorry :D

Well, yeah, for that kind of logging I know, u just add a -j LOG rule before the ACCEPT rule and it will log it.

What I'd like to know is: Is there a rule I can add somewhere inside the chain that will log all ACCEPTED packages, even when the policy of that chain is set to DROP?

ahh ok then,

what you could do would be to set up a new chain that only accepts, then modify your accept rules to jump to this chain ..

iptables -N ACPT
iptables -A ACPT -j LOG --log-prefix "Accepted : " --log-level 3
ipatbles -A ACPT -j ACCEPT


then to your accept rules use,


iptables -p tcp --dport 22 -j ACPT


this will make all the packets you would normally just accept jump to the acpt chain, this then logs the packet and accepts it.


any closer ??