I believe I am beginning to understand the netfilter logging procedure now. To show off my newfound knowledge, or to show just how dumb I can be, here are two iptables I put together. I am using iptable #2 on my standalone dialup system & tested it via www.hackerwatch.org/probe. It passed as "Secure".
Thank you & have a Merry Christmas --stan
1.) I think this iptable will log all incoming & outgoing access requests to port HTTPS & then continue to traverse the appropriate chain until the packet is terminated by a rule or policy.
*filter
:INPUT DROP [255:31881]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [3310:398663]
-A INPUT -i ppp0 -p tcp -m tcp --dport 443 -j LOG --log-prefix "INPUT HTTPS REQUEST: "
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 443 -j LOG --log-prefix "OUTPUT HTTPS REQUEST: "
-A OUTPUT -m state --state INVALID -j DROP
COMMIT
2.) I think this iptable will log all "valid" INPUT & OUTPUT traffic that is dropped. Packets that are "invalid" are dropped & terminated early in the chains so they never make it to jump LOG.
*filter
:INPUT DROP [1773:206284]
:FORWARD DROP [0:0]
:OUTPUT DROP [99:5976]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT-DROP: "
-A FORWARD -m state --state INVALID -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A OUTPUT -o ppp0 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j LOG --log-prefix "OUTPUT-DROP: "
COMMIT
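
The traversal described for ruleset 2, modelled as an added example that is not part of the original post: a small first-match simulator in which LOG records a prefix and lets the packet continue, while ACCEPT, DROP and the chain policy end traversal. The packet dictionaries and the single `iface` key are assumptions of this sketch, and the sample packets are constructed.

```python
# Added illustration, not from the original post: first-match model of ruleset 2.
# "iface" stands for -i on INPUT and -o on OUTPUT (an assumption of this sketch).
EST = {"RELATED", "ESTABLISHED"}
COMMON = [
    ({"iface": "lo"}, "ACCEPT"),
    ({"state": {"INVALID"}}, "DROP"),
    ({"state": EST}, "ACCEPT"),
]
NEW_OUT = [("udp", 53), ("tcp", 80), ("tcp", 443), ("tcp", 110), ("tcp", 25)]
RULESET2 = {
    "INPUT": ("DROP", COMMON + [({}, "LOG:INPUT-DROP: ")]),
    "OUTPUT": ("DROP", COMMON + [
        ({"iface": "ppp0", "proto": p, "state": {"NEW"}, "dport": d}, "ACCEPT")
        for p, d in NEW_OUT
    ] + [
        ({"iface": "ppp0", "proto": "icmp", "icmp_type": 8,
          "state": {"NEW"} | EST}, "ACCEPT"),
        ({}, "LOG:OUTPUT-DROP: "),
    ]),
}

def matches(cond, pkt):
    """True when every match in the rule agrees with the packet."""
    for key, want in cond.items():
        have = pkt.get(key)
        if (have not in want) if key == "state" else (have != want):
            return False
    return True

def traverse(chain, pkt):
    """Return (verdict, log prefixes written) for one packet."""
    policy, rules = RULESET2[chain]
    logged = []
    for cond, target in rules:
        if not matches(cond, pkt):
            continue
        if target.startswith("LOG:"):
            logged.append(target[4:])  # LOG does not end traversal
            continue
        return target, logged          # ACCEPT/DROP end traversal
    return policy, logged              # no terminating rule: chain policy

if __name__ == "__main__":
    for chain, pkt in [  # constructed sample packets
        ("INPUT", {"iface": "ppp0", "proto": "tcp", "state": "NEW", "dport": 443}),
        ("INPUT", {"iface": "ppp0", "proto": "tcp", "state": "INVALID", "dport": 443}),
        ("OUTPUT", {"iface": "ppp0", "proto": "tcp", "state": "NEW", "dport": 22}),
    ]:
        print(chain, pkt, "->", traverse(chain, pkt))
```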