LinuxQuestions.org
Old 08-24-2006, 12:04 PM   #1
Thakowbbery
Member
 
Registered: Mar 2005
Posts: 138

Rep: Reputation: 17
Doubt: IPTables logging


Greetings

Inside a chain with default policy DROP, a rule like:

-A OUTPUT -j LOG --log-prefix "[OUTPUT DROP] : " --log-level 3

in my OUTPUT chain will log all packages that don't match any of my rules.

What I'd like to know is:

Is there a rule I can add, similar to that one, that will log all ACCEPTED packages? I thought about it and the idea of having to add a LOG rule for each ACCEPT rule really doesn't attract me :P

I just know the basics of IPTABLES, so I really could use some help with it

Thanks anyone for the attention =]
 
Old 08-24-2006, 12:11 PM   #2
sin
LQ Newbie
 
Registered: Jun 2005
Location: UK
Distribution: Slackware
Posts: 28

Rep: Reputation: 15
dude that was hard to read,

yes you can, say you have a rule like :

iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

then do this :-

iptables -A OUTPUT -p tcp --dport 22 -j LOG --log-prefix "Output accepted : " --log-level 3
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
 
Old 08-24-2006, 02:32 PM   #3
Thakowbbery
Member
 
Registered: Mar 2005
Posts: 138

Original Poster
Rep: Reputation: 17
Guess it really is strange, sorry

Well, yeah, for that kind of logging I know, you just add a -j LOG rule before the ACCEPT rule and it will log it.

What I'd like to know is: Is there a rule I can add somewhere inside the chain that will log all ACCEPTED packages, even when the policy of that chain is set to DROP?
 
Old 08-25-2006, 12:39 PM   #4
sin
LQ Newbie
 
Registered: Jun 2005
Location: UK
Distribution: Slackware
Posts: 28

Rep: Reputation: 15
ahh ok then,

what you could do would be to set up a new chain that only accepts, then modify your accept rules to jump to this chain ..

iptables -N ACPT
iptables -A ACPT -j LOG --log-prefix "Accepted : " --log-level 3
iptables -A ACPT -j ACCEPT

then for your accept rules use,

iptables -A OUTPUT -p tcp --dport 22 -j ACPT

this will make all the packets you would normally just accept jump to the ACPT chain, this then logs the packet and accepts it.


any closer ??

Last edited by sin; 08-25-2006 at 12:43 PM.
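
The ACPT-chain approach from post #4, applied to a whole ruleset at once, as an added example that is not part of the thread. It rewrites text in iptables-save format so every `-j ACCEPT` rule in the filter table jumps to the logging chain; the function names `rewrite_accepts` and `sample_ruleset` are hypothetical and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): apply the ACPT-chain idea to a whole
# ruleset in iptables-save format. The sample ruleset is constructed.

# stdin: iptables-save text; stdout: same ruleset with every filter-table
# "-j ACCEPT" rule re-targeted to the logging chain ACPT.
rewrite_accepts() {
    awk '
    /^\*/ { filter = ($1 == "*filter"); state = 0 }   # new table starts
    filter && /^:ACPT / { state = 2 }                 # already converted
    # First rule (or COMMIT) after the chain declarations: declare ACPT.
    filter && state == 0 && /^-A |^COMMIT/ { print ":ACPT - [0:0]"; state = 1 }
    # Re-target accept rules, but never the rule inside ACPT itself.
    filter && state == 1 && /^-A / && !/^-A ACPT / { sub(/ -j ACCEPT$/, " -j ACPT") }
    # Before COMMIT, add the two rules from the thread: log, then accept.
    filter && state == 1 && /^COMMIT/ {
        print "-A ACPT -j LOG --log-prefix \"Accepted : \" --log-level 3"
        print "-A ACPT -j ACCEPT"
    }
    { print }
    '
}

# Constructed sample: OUTPUT policy DROP, two accept rules, drop logging last.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -j LOG --log-prefix "[OUTPUT DROP] : " --log-level 3
COMMIT
EOF
}

# Show the rewritten ruleset. On a live host the equivalent pipeline is
#   iptables-save | rewrite_accepts | iptables-restore --test
# (--test parses the result without committing it).
sample_ruleset | rewrite_accepts
```

Running the function on its own output changes nothing, so it is safe to apply to a ruleset that already has the ACPT chain.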