[SOLVED] iptables troubleshooting icmp and best place to log /var/log/messages or /var/log/iptables

JockVSJock · 02-11-2016, 12:16 PM

Ok, what I've learned from this is that loopback rules at the top.

You also said ESTABLISHED,RELATED also at the top, following the loopback. Does that go for any port/protocol?

The OUTPUT lines didn't copy over...so my mistake.

I'm not sure about the logging. You are right, in that it is logging everything. I'm getting flooded by ARP and Broadcast traffic. I'm would like to whittle it down to Oracle and SSH traffic. Just got to research it.

Thanks again for taking the time...I'm learning the ins and outs of IPTables.

unSpawn · 02-11-2016, 05:53 PM

Quote:

Originally Posted by JockVSJock

You also said ESTABLISHED,RELATED also at the top, following the loopback. Does that go for any port/protocol?

Any protocol conntrack know about.

Quote:

Originally Posted by JockVSJock

I'm would like to whittle it down to Oracle and SSH traffic.

Code:

-A INPUT -s 192.168.10.0/255.255.255.0 -p tcp -m multiport --dports 22,1158,1521 -m state --state NEW -j LOG --log-prefix 'in_NEW_ORA_SSH '

JockVSJock · 02-11-2016, 07:25 PM

Right now I have the logging for iptables going to /var/log/messages. However I see you can also log to /var/log/iptables. Are there any advantages/disadvantages to either?

thanks

unSpawn · 02-12-2016, 12:31 AM

Quote:

Originally Posted by JockVSJock

Right now I have the logging for iptables going to /var/log/messages. However I see you can also log to /var/log/iptables. Are there any advantages/disadvantages to either?

As you can grep for firewall entries in the first that's "good enough" for simple purposes I'd say.