Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
05-03-2006, 02:13 PM, #1
Member. Registered: Dec 2005. Location: This planet. Distribution: Debian,Xubuntu. Posts: 567
Ulogdrop
What module should I modprobe in an iptables script for the target LOGDROP and, if there is one, also ULOGDROP, because I use ULOGD and the related options? Thanks!
Last edited by gabsik; 05-03-2006 at 02:15 PM.
05-04-2006, 08:11 PM, #2
Senior Member. Registered: Mar 2003. Distribution: Fedora. Posts: 3,658
I don't believe there are modules specifically for LOGDROP or ULOGDROP targets. Rather, they are user-defined chains that simply combine the LOG and DROP or ULOG and DROP targets. Like this:
Code:
iptables -N LOGDROP
iptables -A LOGDROP -j LOG
iptables -A LOGDROP -j DROP
iptables <whatever> -j LOGDROP
To use the ULOG target you will need the ULOG module.
05-05-2006, 07:06 PM, #3
Member (Original Poster). Registered: Dec 2005. Location: This planet. Distribution: Debian,Xubuntu. Posts: 567
I'm actually using ULOG, and I use it in iptables. An ULOGDROP jump would have been handy, but a chain is not going to work the same way!
05-05-2006, 07:58 PM, #4
Senior Member. Registered: Mar 2003. Distribution: Fedora. Posts: 3,658
Sure it will. Create the user-defined chain named ULOGDROP and then add ULOG and DROP targets to it. Then just use ULOGDROP like it's a normal target. E.g.:
iptables -N ULOGDROP
iptables -A ULOGDROP -j ULOG
iptables -A ULOGDROP -j DROP
iptables -A INPUT <match some packets> -j ULOGDROP
If that doesn't work for you, maybe you should explain what you are trying to accomplish.
05-05-2006, 10:45 PM, #5
Member (Original Poster). Registered: Dec 2005. Location: This planet. Distribution: Debian,Xubuntu. Posts: 567
Creating chains is the only obscure point in the creation of iptables rules for me, surely because I don't know its potential. What you have just showed me has opened up new landscapes for me.
05-05-2006, 10:52 PM, #6
Member (Original Poster). Registered: Dec 2005. Location: This planet. Distribution: Debian,Xubuntu. Posts: 567
I need to log and drop all connections to ports not related to the services I have allowed. If I put the above chain at the end of the INPUT chain, would I log and drop connections to non-accepted ports from 1 to 65535? I don't want to risk dropping allowed connections such as www, mail, etc.
Do you see what I mean?
Last edited by gabsik; 05-05-2006 at 10:55 PM.
05-06-2006, 07:29 AM, #7
Senior Member. Registered: Mar 2003. Distribution: Fedora. Posts: 3,658
In that case it would log and drop anything that reaches the end of the INPUT chain. So make sure to allow the ports that you want, before reaching the end of the chain. For example:
iptables -N ULOGDROP
iptables -A ULOGDROP -j ULOG
iptables -A ULOGDROP -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# catch-all: everything not accepted above is logged and dropped
iptables -A INPUT -j ULOGDROP
So in essence, it is similar to having your default INPUT policy set to "ULOGDROP". You can also send certain packets to ULOGDROP instead, like this (say we only wanted to log and drop packets that came to one port, 1433 for example):
iptables -N ULOGDROP
iptables -A ULOGDROP -j ULOG
iptables -A ULOGDROP -j DROP
iptables -A INPUT -i lo -j ACCEPT
# only this port is logged and dropped; the chain must already exist here
iptables -A INPUT -p tcp --dport 1433 -j ULOGDROP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
Hope that helps
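The approach from posts #4 and #7 (a user-defined ULOGDROP chain used as the catch-all at the end of INPUT), written out as a complete script. This is an added example and not code from the thread or from the ulogd project. The service port lists, the ULOG netlink group, the log prefix and the rate limit are assumed placeholders; adjust them for your host. It adds two things the replies above leave out: an ESTABLISHED,RELATED rule so that replies to the host's own outbound connections are not logged and dropped, and a limit match on the ULOG rule so that a port scan cannot flood ulogd.

```shell
#!/bin/sh
# Added example (not from the thread). Generates the INPUT ruleset the
# replies describe: a user-defined ULOGDROP chain that logs via ULOG and
# then DROPs, used as the final catch-all of INPUT.
# Assumed placeholders: the port lists passed in, ULOG_GROUP, the prefix
# and the rate limit.
#
# generate_rules TCP_PORTS UDP_PORTS  -> prints one iptables command per line
# apply_rules    TCP_PORTS UDP_PORTS  -> runs them (needs root and ipt_ULOG)

ULOG_GROUP="${ULOG_GROUP:-1}"        # ulogd.conf must listen on the same nlgroup
LOG_LIMIT="${LOG_LIMIT:-5/minute}"   # cap on log entries per chain hit rate
LOG_BURST="${LOG_BURST:-10}"

generate_rules() {
    tcp_ports="$1"
    udp_ports="$2"

    # Fail closed: set the policy before flushing so nothing is accepted
    # while the rules are being rebuilt.
    echo "iptables -P INPUT DROP"
    echo "iptables -F INPUT"
    # Reuse the chain if it already exists (flush it), otherwise create it.
    echo "iptables -F ULOGDROP 2>/dev/null || iptables -N ULOGDROP"

    # The chain itself: log (rate-limited), then drop. Order matters: a
    # DROP placed first would terminate before ULOG ever ran.
    echo "iptables -A ULOGDROP -m limit --limit $LOG_LIMIT --limit-burst $LOG_BURST -j ULOG --ulog-nlgroup $ULOG_GROUP --ulog-prefix 'INPUT DROP: '"
    echo "iptables -A ULOGDROP -j DROP"

    # Everything that must be accepted goes before the catch-all.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Without this rule, replies to the host's own outbound connections
    # (DNS answers, HTTP responses, ...) would be logged and dropped too.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $tcp_ports; do
        echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "iptables -A INPUT -p udp --dport $p -j ACCEPT"
    done

    # Anything that reaches this point is a connection to a port that is
    # not a listed service: log it and drop it.
    echo "iptables -A INPUT -j ULOGDROP"
}

apply_rules() {
    generate_rules "$1" "$2" | sh -e
}

# Usage: ./ulogdrop.sh dry-run "22 25 80" ""    or    ./ulogdrop.sh apply "22 25 80" "53"
case "${1:-}" in
    dry-run) generate_rules "${2:-}" "${3:-}" ;;
    apply)   apply_rules    "${2:-}" "${3:-}" ;;
esac
```

Run it with `dry-run` first and read the generated rules before applying them. The `nlgroup` in ulogd.conf has to match `ULOG_GROUP` or nothing will be logged, and the `state` match needs the connection tracking module, which iptables loads on demand. On kernels that have dropped the ULOG target (removed in 3.17), the same chain is built with `-j NFLOG --nflog-group` and the ulogd NFLOG input plugin instead.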