||06-21-2010 06:44 PM
iptables: logging all protocols (not just tcp, udp, icmp)
Brief overview of my current setup:
iptables -A INPUT -p ALL -j ip_blacklist
iptables -A INPUT -p tcp -j tcp_packets
iptables -A INPUT -p udp -j udp_packets
iptables -A INPUT -p icmp -j icmp_packets
iptables -A INPUT -j LOG --log-prefix 'Default INPUT policy: ' --log-level 5
The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.
I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.
So, can anybody tell me how to get iptables to log all the other protocols (or whatever is being caught by the default policy)?