LinuxQuestions.org


abefroman 06-14-2005 07:14 PM

How can I set my firewall to log all dropped(rejected) packets?
 

I use IP tables.

darksmiley 06-14-2005 07:44 PM

The way I set up my firewall was to module pretty much every single ip_tables related option in the kernel, and use firestarter as my UI to monitor packets. Firestarter isn't the most powerful UI out there, but it will all get the job done and be very secure :cool:

If you need help with the kernel compilation just give me a shout! :)

tangle 06-14-2005 07:50 PM

I am not an iptables expert, but if you place LOG --log-prefix "Say what you want here" at the end of the chain, that should log any attempt that the chain picked up.

mhallbiai 06-14-2005 07:54 PM

Depending on the amount of packets you are dropping/rejecting, I don't know that logging all would be a good idea.

I have a chain that I create to do the logging before sending to DROP
Code:

iptables -N dropit
iptables -A dropit -m limit --limit 15/minute -j LOG --log-prefix Dropped:
iptables -A dropit -j DROP

Then you would call 'dropit' where you would normally call DROP
Code:

iptables -A INPUT -s ip/cidr-to-drop -j dropit

So the 'ip-to-drop' will come in on INPUT, jump to 'dropit' (logged at a rate of 15 per minute) and then jump to DROP.

You can change the rate to whatever fits your needs.

Hope this helps

rickh 06-14-2005 09:37 PM

I use Firestarter, and have a program called LogWatch on FC3 (came with the distro), and LogCheck on Debian. Both send mail to root every day with lots of security-related info, including nicely summarized firewall hits. After studying them a few days, and beginning to understand the source of many of them, I am gradually telling Firestarter to quit logging some of the more common ones.
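
The `Dropped:` prefix from the 'dropit' chain and the daily summaries mentioned in this thread can be combined; the following is an added example, not part of any post: a shell function that tallies logged drops by source address, protocol and destination port. The log lines are constructed, and the names `sample_log` and `summarize_drops` are made up for this example.

```shell
#!/bin/sh
# Added example: summarise LOG lines produced by the thread's "dropit" chain.

# Constructed, abbreviated syslog lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Jun 14 19:55:01 fw kernel: Dropped:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 SYN URGP=0
Jun 14 19:55:02 fw kernel: Dropped:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4712 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 SYN URGP=0
Jun 14 19:55:04 fw kernel: Dropped:IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.255 LEN=78 TTL=116 ID=901 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 14 19:55:07 fw sshd[2211]: Connection closed by 203.0.113.7
Jun 14 19:55:09 fw kernel: Dropped:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4713 DF PROTO=TCP SPT=40114 DPT=22 WINDOW=5840 SYN URGP=0
Jun 14 19:55:12 fw kernel: Dropped:IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=84 TTL=49 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Jun 14 19:55:13 fw kernel: Dropped:IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=56 TTL=49 ID=0 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.10 DST=198.51.100.99 LEN=28 TTL=64 ID=5 PROTO=UDP SPT=53 DPT=33434 LEN=8 ]
EOF
}

# summarize_drops [prefix]
# Reads syslog text on stdin and prints "count src proto dport", busiest first.
# The prefix defaults to the one used in the thread's LOG rule.
summarize_drops() {
    awk -v prefix="${1:-Dropped:}" '
    {
        p = index($0, prefix)
        if (p == 0) next                      # not a line from our LOG rule
        src = proto = ""; dpt = "-"           # "-" when the protocol has no port
        n = split(substr($0, p + length(prefix)), f, " ")
        for (i = 1; i <= n; i++) {
            # ICMP errors quote the offending packet in [...]; its SRC/PROTO/DPT
            # describe a different packet, so stop before reading them.
            if (f[i] ~ /^\[/) break
            if      (f[i] ~ /^SRC=/)   src   = substr(f[i], 5)
            else if (f[i] ~ /^PROTO=/) proto = substr(f[i], 7)
            else if (f[i] ~ /^DPT=/)   dpt   = substr(f[i], 5)
        }
        if (src == "" || proto == "") next    # truncated line, skip it
        count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Demonstration run on the constructed sample.
sample_log | summarize_drops
```

Because the LOG rule in 'dropit' is rate limited, these counts are a lower bound on what was actually dropped.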


All times are GMT -5.