Iptables & UID issues

craftybytes · 10-01-2006, 03:29 AM

Hi group,

QUESTION: If I include the following to my iptables firewall script in /etc/rc.firewall - what code do I add to it to allow me to log (confirm) that script snippet works?

"# Allow packets by UID
Listuid="$(gawk -F:'{print $3}' /etc/passwd)"
for Xuid in $Listuid; do
iptables -t filter -A chk-own -o ppp0 -m owner --uid-owner $Xuid -j RETURN
done
iptables -t filter -A chk-own -m limit --limit 10/s -j logdrop5
"
and for 'logdrop5':

"iptables -N logdrop5
iptables -A logdrop5 -j LOG --log-prefix "ILLEGAL packet owner: "
iptables -A logdrop5 -j DROP
"

NOTE:- the "logdrop5" section logs and drops the packet ONLY if it is illegal - not if it is ok. I also want to log if it IS OK (to confirm that the 'match' option is working).

Any help would be appreciated ..).

Oz-Rod

bulliver · 10-01-2006, 11:03 AM

Just add the same rule with a log target before the return:

Code:

iptables -A chk-own -o ppp0 -m owner --uid-owner $Xuid -j LOG --log-prefix "OK packet owner: "

You may want to change $Xuid to a known OK uid just for testing, rather than creating a log rule for each uid.

BTW "-t filter" is redundant. The filter table is the default if no other is specified.

craftybytes · 10-01-2006, 08:04 PM

Hi bulliver,

Thanks for the reply! Actually reworked the check code to the following:

#Listuid="$(gawk -F:'{print $3}' /etc/passwd)"
#for X in $Listuid ; do
# if [[ $X == 1000 ]]; then
# iptables -A chk-own -m limit --limit 10/s -j logdrop5
# fi
#done
#iptables -A chk-own -o ppp0 -m owner --uid-owner $X -j "output chain name"

This seems to be working OK for the moment - will have to monitor my logs.

Thanks anyway.

Oz-Rod