LinuxQuestions.org
Old 08-17-2004, 05:34 AM   #1
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Rep: Reputation: 30
Question iptables and /var/log/syslog


Assuming I have all my policies set to drop and am attempting to access the web, which would be on Port 80, does iptables log this request within /var/log/syslog? The reason I ask is because that helps me trace what Ports are being requested and if I need to allow it access, and the same for incoming requests.

Last edited by Obie; 08-17-2004 at 03:58 PM.
 
Old 08-17-2004, 06:19 AM   #2
Charalambos
Member
 
Registered: Aug 2004
Location: Switzerland
Distribution: debian
Posts: 149

Rep: Reputation: 15
You have to set the rule to log what you want:
iptables -I OUTPUT <line-nr> -j LOG [--log-prefix "iptables HTTP-log:"]

The --log-prefix is optional; it will add the specified string before every log entry.
 
Old 08-17-2004, 06:22 AM   #3
BlueKnight
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 32

Rep: Reputation: 15
No, you have to log them as well. Insert a rule, which sends the packets to LOG.

Example: iptables -A OUTPUT -j LOG

Last edited by BlueKnight; 08-17-2004 at 02:39 PM.
 
Old 08-17-2004, 03:57 PM   #4
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
I assume that "iptables -A OUTPUT -j LOG" would log all outgoing packets. How do I know which are being dropped or denied?
 
Old 08-18-2004, 01:54 AM   #5
BlueKnight
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 32

Rep: Reputation: 15
Quote:
How do I know which are being dropped or denied?
Well, this is totally a question of what kind of firewall setup you have. Basically, you should log everything that is not matched by some accept rules or just before the packets are dropped.

Example of how to log all traffic to port 22:

Code:
iptables -N SOME_RULE1 
iptables -A SOME_RULE1 -p tcp --dport 22 -j LOG
iptables -A SOME_RULE1 -p tcp --dport 22 -j DROP
This is of course totally up to your setup and needs.

Note: You should of course specify some type of --log-prefix "SOME TEXT HERE " in order to recognize why and where it was logged.
 
Old 08-18-2004, 03:02 AM   #6
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
BlueKnight,

Thank you. I guess what I am looking for is something similar to Symantec's firewall where despite me not requesting to log it, it still shows me what is being dropped. e.g. If I didn't specify Port 22 to be dropped and where my default policy is to drop every connection I would like to have it logged and within the logs tell me that Port 22 has been dropped.

For example, this would help me ascertain if I should allow a particular software to access the requested port. For instance, on my Windows machine which has Norton firewall, it will prompt me if I wish to allow Internet Explorer to access the web on Port 80. I don't expect the same for what I am doing in command line but it would be nice if I could see the packets being logged. Hopefully I haven't been long-winded.
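
The "log just before the packets are dropped" approach from post #5, applied to default DROP policies and followed by a summary of which ports were refused. This is an added example, not code from any poster in the thread; the `FW-DROP-IN: ` / `FW-DROP-OUT: ` prefixes, the 10/min limit and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The FW-DROP-* prefixes and the 10/min limit are assumptions.

# Needs root, so it is defined but not called here. -A appends the LOG rule
# after every ACCEPT rule, so only packets about to hit the DROP policy are
# logged. LOG is non-terminating: the packet continues on to the policy.
install_log_rules() {
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -A INPUT  -m limit --limit 10/min -j LOG --log-prefix "FW-DROP-IN: "
    iptables -A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "FW-DROP-OUT: "
}

# Reads syslog lines on stdin, prints "count direction proto dport",
# busiest first. Protocols without ports (ICMP) get "-" as the port.
summarize_drops() {
    awk '
    /FW-DROP-(IN|OUT): / {
        dir = ($0 ~ /FW-DROP-OUT: /) ? "OUT" : "IN"
        proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        if (proto != "") n[dir " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines in the kernel LOG format (documentation addresses).
sample_log() {
cat <<'EOF'
Aug 18 03:10:01 host kernel: FW-DROP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40122 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 18 03:10:04 host kernel: FW-DROP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=40122 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 18 03:10:05 host kernel: FW-DROP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.53 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=90 DF PROTO=UDP SPT=32770 DPT=53 LEN=41
Aug 18 03:11:20 host kernel: FW-DROP-IN: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=301 DF PROTO=TCP SPT=51515 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 18 03:12:02 host sshd[812]: Server listening on 0.0.0.0 port 22.
Aug 18 03:12:40 host kernel: FW-DROP-IN: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=2 SEQ=1
EOF
}

sample_log | summarize_drops
```

Which file these lines land in depends on where the local syslog configuration sends kernel messages, so feed `summarize_drops` from that file.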
 
  

