LinuxQuestions.org


tonj 07-05-2012 07:04 PM

How does one define "-j LOG" targets in the firewall rules?
 
@unspawn: how does one define "-j LOG" targets in the firewall rules? I did a search on Google before asking but couldn't find anything clear about this. (I use CentOS 5.8 btw)

chrism01 07-05-2012 08:44 PM

Maybe this will help
Quote:

LOG

Turn on kernel logging of matching packets. When this option is set for a rule, the Linux kernel will print some information on all matching packets (like most IP header fields) via the kernel log (where it can be read with dmesg or syslogd(8)). This is a "non-terminating target", i.e. rule traversal continues at the next rule. So if you want to LOG the packets you refuse, use two separate rules with the same matching criteria, first using target LOG then DROP (or REJECT).
http://linux.die.net/man/8/iptables

unSpawn 07-06-2012 12:28 AM

...and here's a very simple example to stdout of adding -j LOG rules before -j DROP ones:
Code:

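# Print the ruleset to stdout with a numbered LOG rule ahead of every rule whose target is DROP.
DROPNR=0
while IFS= read -r LINE; do
  case "${LINE}" in
    *" DROP") ((DROPNR++)); echo "${LINE%DROP}LOG --log-prefix \"DROP_${DROPNR} \""; echo "${LINE}";;
    *) echo "${LINE}";;
  esac
done < /etc/sysconfig/iptables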
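
The reverse check, as an added example that is not part of any post in this thread: because LOG is non-terminating and has to be paired with a DROP or REJECT rule using the same matching criteria, this function lists the DROP/REJECT rules in an iptables-save style ruleset that lack such a LOG rule directly before them. The function names and the sample ruleset are constructed for illustration, and it assumes the LOG rule repeats the match exactly (no extra `-m limit`).

```bash
# Added example: audit an iptables-save style ruleset read from stdin.
# Prints every DROP/REJECT rule that is not immediately preceded by a
# LOG rule with identical match criteria. Names here are hypothetical.
unlogged_drops() {
  local line match prev_log_match=""
  while IFS= read -r line; do
    case "$line" in
      "-A "*" -j LOG"|"-A "*" -j LOG "*)
        # Remember what the LOG rule matched (everything before the target).
        prev_log_match="${line%% -j LOG*}"
        ;;
      "-A "*" -j DROP"|"-A "*" -j REJECT"|"-A "*" -j REJECT "*)
        match="${line%% -j DROP*}"
        match="${match%% -j REJECT*}"
        # The pair must share the same criteria, or the drop goes unlogged.
        [ "$match" = "$prev_log_match" ] || printf '%s\n' "$line"
        prev_log_match=""
        ;;
      *)
        # Any other rule in between breaks the LOG/DROP pairing.
        prev_log_match=""
        ;;
    esac
  done
}

# Constructed sample ruleset (not taken from a real host).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j LOG --log-prefix "DROP_1 "
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A INPUT -s 192.0.2.0/24 -j DROP
-A INPUT -p udp -m udp --dport 161 -j LOG --log-prefix "DROP_3 "
-A INPUT -p udp -m udp --dport 162 -j DROP
COMMIT'

# Run the audit over the constructed sample.
audit_sample() { printf '%s\n' "$SAMPLE_RULES" | unlogged_drops; }
```

On a real system the input would be the saved ruleset, for example `unlogged_drops < /etc/sysconfig/iptables`.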


