BLFS Firewall (iptables)
Hello,
I'm trying to learn about firewalls by going through BLFS "Setting Up a Network Firewall". I've installed the iptables package and created the "Personal Firewall" script. As far as I know it is running, but how do I track/monitor activities? How do I know it is actually doing its job? The chapter doesn't say. Where do I view the logfile? I am using the 7.9 systemd version.
You should add iptables rules for logging. e.g. http://www.thegeekstuff.com/2012/08/...s-log-packets/
Log to a place that makes sense, e.g. /var/log/iptables. Modify syslog or rsyslog to output to a file, e.g. http://www.cyberciti.biz/tips/force-...-log-file.html
Also, iptables-save shows a count of bytes & packets, per chain, which helps a bit.
You can check if you are secure here:
https://www.grc.com/x/ne.dll?bh0bkyd2 I've been using Shields Up for years; you can scan common ports, a range of ports or a single port, find out what a port is for, etc., etc.
Thanks for all the feedback so far.
As it says in the firewall chapter of BLFS, it is a complex issue and there is a lot I need to learn/read. Using the script provided in this chapter, I can view the log using "dmesg | grep 'FIREWALL'". It shows me some packet information, something like: Code:
...snip
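As an added example (not from this thread or the BLFS book), here is a small POSIX shell function that turns the `dmesg | grep 'FIREWALL'` lines into a per-source count, so you can see what the firewall is actually dropping rather than reading raw packet dumps. The "FIREWALL:INPUT" / "FIREWALL:OUTPUT" log prefix is assumed to be what the BLFS script sets with --log-prefix, and the sample log lines are constructed.

```shell
#!/bin/sh
# Constructed sample of kernel LOG output, as it appears in `dmesg`.
# The "FIREWALL:<chain>" prefix is an assumption about the --log-prefix
# used by the BLFS personal firewall script; adjust the pattern if yours differs.
SAMPLE_LOG='[ 1201.100000] FIREWALL:INPUT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=50 PROTO=TCP SPT=43210 DPT=22 SYN
[ 1201.200000] FIREWALL:INPUT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=50 PROTO=TCP SPT=43211 DPT=22 SYN
[ 1201.300000] FIREWALL:INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TTL=64 PROTO=UDP SPT=5353 DPT=5353
[ 1201.400000] FIREWALL:INPUT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=50 PROTO=TCP SPT=43212 DPT=23 SYN
[ 1202.000000] FIREWALL:OUTPUT IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=60 TTL=64 PROTO=TCP SPT=51000 DPT=25 SYN'

# Count logged packets per (chain, SRC, PROTO, DPT), most frequent first.
# $1 is the log text; for a live box call: fw_log_summary "$(dmesg)"
fw_log_summary() {
    printf '%s\n' "$1" | awk '
        /FIREWALL:/ {
            chain = ""; src = ""; proto = ""; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^FIREWALL:/)   chain = substr($i, 10)
                else if ($i ~ /^SRC=/)   src   = substr($i, 5)
                else if ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)   # absent for ICMP
            }
            count[chain " " src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

fw_log_summary "$SAMPLE_LOG"
```

A repeated SRC hitting many different DPT values in a short window is the pattern worth watching for; a single line per port usually just means the firewall is doing its job quietly.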
I have a service script and rules script for iptables that I publish (iptables.rules are my actual rules). That iptables script also has logging. It is also a more involved iptables example than your average script.
See man iptables. That thoroughly discusses every option I'm using. Why did I design it that way? Because I want to easily add and remove rules without refreshing my whole firewall. I took concepts from RedHat's firewalld and made them my own. I have chains for when I'm on my internal network vs VPN vs anywhere else. Also notice I configure outbound rules. Configuring outbound rules goes a long way for securing a computer. Most guides you encounter won't discuss it much. My iptables service script is what I use in a SysV init based startup. You might need to change it depending on the init system you're using. In general, you can load the firewall rules using the following command. Code:
iptables-restore < /etc/iptables.rules