buttnutt, info on logging
The way I log info on my firewall, I added this entry to my /etc/syslog.conf file:

    kern.* /var/log/ip.log

You can name the ip.log whatever you want; you can even send it to the /var/log/messages file if you want. Be careful though, because it can get too big. I usually just do this when I'm testing something. kern.* logs everything.
As far as where to put them, you can put them anywhere. But what you need to do is use chmod to make them executable, and then you have to call them from one of the boot scripts. I edited /etc/init.d/network and called mine from the end of the startup portion. This way my script executes as soon as my NIC interfaces are up.
I made a script that just allows some IPs to browse web sites but not telnet, ftp, ssh, etc.

    #!/bin/sh
    echo "0" >/proc/sys/net/ipv4/ip_forward
    #drop anything
    iptables -F
    iptables -P INPUT
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # enable to ping
    iptables -p ICMP -A OUTPUT -j ACCEPT
    iptables -p ICMP -A INPUT -j ACCEPT
    iptables -p ICMP -A FORWARD -j ACCEPT
    iptables -p TCP -A FORWARD -s 192.168.0.2 -sport 80 -j ACCEPT
    iptables -p TCP -A FORWARD -d 192.168.0.2 --dport 80 -j ACCEPT
    iptables -p TCP -A FORWARD -j DROP
    echo "1" > /proc/sys/net/ipv4/ip_forward

But why can't I access the web site? And what is the log function? Please help me.
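An added example, not written by anyone in this thread: a generator for the FORWARD and NAT rules that lets listed clients browse only, and logs whatever else is forwarded through the iptables LOG target, whose messages go to the kernel log and so land in the file selected by the kern.* syslog line above. Assumptions: eth0 is the Internet side as in the script above, web traffic is plain HTTP on port 80, clients need DNS on UDP 53, and the "FW-DROP: " prefix is a hypothetical tag.

```shell
#!/bin/sh
# Added example. INPUT and OUTPUT are deliberately left untouched so that
# applying these rules cannot lock you out of the firewall host itself.

WAN_IF="eth0"            # assumption: outside interface, as in the thread
LOG_PREFIX="FW-DROP: "   # hypothetical tag for finding entries in ip.log

# Print the rule set for the client IPs given as arguments. Printing instead
# of executing lets the rules be reviewed or diffed before they are applied.
build_rules() {
    echo "iptables -F FORWARD"
    echo "iptables -t nat -F POSTROUTING"
    echo "iptables -P FORWARD DROP"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
    for ip in "$@"; do
        # Reject anything that is not digits and dots before it reaches a rule.
        case "$ip" in
            *[!0-9.]*|"") echo "skipping invalid address: $ip" >&2; continue ;;
        esac
        # Outbound: the client picks a random source port, so match on the
        # destination port of the service it is talking to.
        echo "iptables -A FORWARD -s $ip -o $WAN_IF -p tcp --dport 80 -j ACCEPT"
        echo "iptables -A FORWARD -s $ip -o $WAN_IF -p udp --dport 53 -j ACCEPT"
        # Replies: here the well-known port is the source port.
        echo "iptables -A FORWARD -d $ip -i $WAN_IF -p tcp --sport 80 -j ACCEPT"
        echo "iptables -A FORWARD -d $ip -i $WAN_IF -p udp --sport 53 -j ACCEPT"
    done
    # LOG does not end rule traversal: the packet is written to the kernel
    # log and then falls through to the DROP policy. The rate limit keeps
    # the log file from growing without bound.
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix \"$LOG_PREFIX\""
}

# Stand-alone use: ./fwrules.sh 192.168.0.2 prints the rules for that client.
if [ "$#" -gt 0 ]; then
    build_rules "$@"
fi
```

To apply, review the output and pipe it to sh as root, then write 1 to /proc/sys/net/ipv4/ip_forward as the script above does.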