LinuxQuestions.org


RecoilUK 08-06-2005 11:40 AM

Logging firewall with syslog-ng?
 
Hi guys

I have developed a firewall configuration, but I'm unsure how to set up logging for it.

Here is the firewall conf...

Code:

#!/bin/sh

IPT=/sbin/iptables

# Set default policy of deny all traffic
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

# Flush and delete all existing firewall rules
$IPT -F
$IPT -X
$IPT -Z

# Allow SSH traffic
$IPT -A INPUT -p tcp --dport 12222 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 12222 -j ACCEPT

# Allow DNS traffic
$IPT -A INPUT -p udp --sport 53 -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -j ACCEPT

# Allow BF2 Server traffic
$IPT -A INPUT -p udp --dport 16567 -j ACCEPT
$IPT -A OUTPUT -p udp --sport 16567 -j ACCEPT
$IPT -A INPUT -p udp --dport 16568 -j ACCEPT
$IPT -A OUTPUT -p udp --sport 16568 -j ACCEPT
$IPT -A INPUT -p udp --dport 16569 -j ACCEPT
$IPT -A OUTPUT -p udp --sport 16569 -j ACCEPT

How can I set up logging for this? Basically, I want to log everything the firewall rejects for the time being.

Thanks

Mara 08-06-2005 04:28 PM

Something as simple as this (added at the end of your rules):
iptables -A INPUT -j LOG
should work as you want. Note that the logs may grow very fast, so later think about limiting logs to a number of special cases.
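
An added example, not part of either post above: the LOG rule from the reply applied to all three chains with a prefix and a rate limit, plus a syslog-ng fragment that files the tagged kernel messages separately. The prefix, rate, log path and the syslog-ng source name `s_kernel` are assumptions; by default the script only prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: commands are printed.
# To apply, run as root with IPT=/sbin/iptables (the path used in the original script).
IPT="${IPT:-echo iptables}"
PREFIX="FW-DROP"   # constructed tag; the syslog-ng filter below matches on it
RATE="5/min"       # assumed rate cap so the log cannot grow without bound
BURST="10"         # assumed burst allowance before the cap applies

# Append one rate-limited LOG rule per chain. These must come after every
# ACCEPT rule: LOG is non-terminating, so a packet that reaches it is logged
# and then falls through to the chain's DROP policy.
add_log_rules() {
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -A "$chain" -m limit --limit "$RATE" --limit-burst "$BURST" \
            -j LOG --log-level warning --log-prefix "$PREFIX-$chain: "
    done
}

# Print a syslog-ng fragment that routes the tagged messages to their own file.
# s_kernel is an assumed name: use the source in your syslog-ng.conf that
# reads kernel messages. /var/log/firewall.log is an assumed path.
syslog_ng_fragment() {
    cat <<EOF
filter f_fwdrop { facility(kern) and message("$PREFIX-"); };
destination d_fwdrop { file("/var/log/firewall.log"); };
log { source(s_kernel); filter(f_fwdrop); destination(d_fwdrop); };
EOF
}

add_log_rules
syslog_ng_fragment
```

The per-chain prefix shows in the log file which policy dropped a packet, and the limit match means bursts beyond the cap are still dropped but no longer logged.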

