Quote:
Originally Posted by phsythax
is it possible to configure Iptables to show (e.g.)
A: all incoming connections
B: all ICMP traffic
.. in 2 different consoles? (aterms)
I am not sure what you mean exactly. If what you want is a real-time picture of the connections currently held by your computer, suggestions have already been provided (netstat, among others).
If, however, you want to log all incoming connections (I assume you do not want to log all incoming traffic, as that would fill up your logs. You probably want only new connections initiated from outside (for services such as httpd)). For this, all you need is to modify your iptables rules. You might want to do this:
Code:
# filter table
# Dedicated chain so ICMP seen in INPUT and OUTPUT shares one LOG rule
iptables --new-chain ICMP
# --log-prefix accepts at most 29 characters, so the prefix is kept short
iptables --append ICMP --jump LOG --log-prefix "ICMP traversing chains. "
#The beginning of your INPUT chain goes here
iptables --append INPUT --match state --state NEW --jump LOG --log-prefix "New incoming connection. "
iptables --append INPUT --protocol icmp --jump ICMP
#The ending of your INPUT chain goes here (includes all ACCEPTS)
#The beginning of your OUTPUT chain goes here
iptables --append OUTPUT --protocol icmp --jump ICMP
#The rest of your OUTPUT chain goes here (includes all ACCEPTS)
You can actually choose whether to put it before any ACCEPTs, DROPs, or REJECTs, in which case you log all attempted traffic. If you put it after the DROPs and REJECTs, only traffic that actually goes through will be logged. Remember NOT to put any accepts before the logging, otherwise it will never reach the LOG target.
The logging is done through the kernel, so you're going to have to configure syslog.conf or equivalent if you want something special (HINT: the --log-level flag can narrow it down a little).
There is also a newer package released by the netfilter team called ULOG (userspace logging), which requires a daemon listening, using the netlink socket (which, btw, is very fun to work with), and is therefore much more flexible (you can log very specifically -- what files, what format, etc.).
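Added example (not part of the original post): one way to get the two views asked about is to filter the kernel log on the --log-prefix strings, one filter per terminal. The prefixes FW-NEW: and FW-ICMP:, the function names and the sample log lines are constructed for illustration; pass whatever prefixes your own rules use.

```shell
#!/bin/sh
# Added example: split iptables LOG output by --log-prefix, one stream per terminal.
# Assumes traditional syslog layout: "Mon DD HH:MM:SS host kernel: <prefix>IN=... SRC=..."

# fw_filter PREFIX
#   Reads syslog lines on stdin, keeps kernel lines carrying PREFIX and prints
#   "date time src -> dst proto detail" (destination port, or ICMP type).
fw_filter() {
    awk -v prefix="$1" '
    $5 == "kernel:" && index($0, prefix) {
        src = dst = proto = "?"; detail = "-"
        for (i = 6; i <= NF; i++) {
            # ICMP errors quote the offending packet in [...]; its fields
            # must not overwrite those of the packet that was logged.
            if ($i ~ /^\[/) break
            if      ($i ~ /^SRC=/)   src    = substr($i, 5)
            else if ($i ~ /^DST=/)   dst    = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto  = substr($i, 7)
            else if ($i ~ /^DPT=/)   detail = "dpt=" substr($i, 5)
            else if ($i ~ /^TYPE=/)  detail = "type=" substr($i, 6)
        }
        printf "%s %s %s %s -> %s %s %s\n", $1, $2, $3, src, dst, proto, detail
    }'
}

# Constructed sample log (documentation addresses, hypothetical prefixes).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 gw kernel: FW-NEW: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=1234 DF PROTO=TCP SPT=51514 DPT=80 SYN
Mar  3 10:15:02 gw kernel: FW-NEW: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=55 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Mar  3 10:15:02 gw kernel: FW-ICMP: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=55 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Mar  3 10:15:05 gw logger: testing FW-NEW: prefix from userspace
Mar  3 10:15:09 gw kernel: FW-ICMP: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=68 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.10 DST=203.0.113.44 LEN=40 PROTO=UDP SPT=53 DPT=40000 LEN=20 ]
EOF
}

# Demo on the sample. Live use, one per terminal:
#   tail -F <kernel log file> | fw_filter "<your prefix>"
sample_log | fw_filter "FW-NEW: "
```

The kernel log file path depends on your syslog configuration. With the rule order shown in the post, an echo request appears in both views, because it matches the NEW rule as well as the ICMP chain.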