Output from `/bin/bash -vx /root/iptables 2>&1`:
/bin/bash -vx /root/iptables 2>&1
#!/bin/bash
# Host firewall rule set, run as root. This listing is a `bash -vx` trace: each
# script line is followed by its `+ ...` trace line and any iptables output.
# NOTE(review): there is no `set -e` and no `|| exit 1` on the rules, so a rule
# that iptables rejects (see the `unknown option` error further down) is simply
# skipped and the script carries on with a hole in the policy. Failing fast on
# a rule error is safer than ending up with a partial rule set.
iptables -v -F;
+ iptables -v -F
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `port-scan'
# `-F` only empties the chains; the user-defined `port-scan` chain survives the
# flush (it is listed above), which is why `-N port-scan` later reports
# "Chain already exists". Delete it with `-X` after the flush if a clean
# re-run is wanted.
iptables -v -A INPUT -i lo -j ACCEPT;
+ iptables -v -A INPUT -i lo -j ACCEPT
ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
########### BASIC RULE SET #############
iptables -v -P INPUT DROP # Default Policy DROP
+ iptables -v -P INPUT DROP
# Accept replies to connections this host initiated and related traffic;
# everything after this point only sees NEW or INVALID packets.
iptables -v -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT; # ACCEPT ESTABLISHED
+ iptables -v -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
########### DROP SPOOFED PACKETS ###############
# NOTE(review): `--log-level` and `--log-prefix` are options of the LOG target,
# not of DROP, so iptables rejects this whole command (error below) and NO
# anti-spoof rule is installed: packets claiming a 127.0.0.0/8 source on a
# non-loopback interface are not dropped by this section. Split it the way the
# later sections do — a `-j LOG` rule carrying the log options, followed by a
# plain `-j DROP` rule with the same match.
iptables -A INPUT -s 127.0.0.0/8 ! -i lo -j DROP --log-level 4 --log-prefix "SPOOF PACKETS"
+ iptables -A INPUT -s 127.0.0.0/8 '!' -i lo -j DROP --log-level 4 --log-prefix 'SPOOF PACKETS'
iptables v1.4.9: unknown option `--log-level'
Try `iptables -h' or 'iptables --help' for more information.
########### LOG/DROP NEW CONNECTIONS ##############
# NOTE(review): these two rules match EVERY new inbound TCP connection and are
# appended before the HTTP/DNS ACCEPT rules in the "INPUT THAT IS NEEDED"
# section. iptables evaluates rules in order, so the tcp/80 and tcp/53 ACCEPTs
# never see a packet: all new inbound TCP is logged and dropped right here.
# Move this pair (and the SSH/SMTP pair below) after the ACCEPT rules, or
# remove it and let the chain's DROP policy / final REJECT handle the rest.
# The LOG rule is also not rate-limited (`-m limit`), unlike the later
# sections, so a scan or flood can fill /var/log/iptables.log.
iptables -A INPUT -p tcp -m state --state NEW -j LOG # LOG NEW TCP CONNECTIONS
+ iptables -A INPUT -p tcp -m state --state NEW -j LOG
iptables -A INPUT -p tcp -m state --state NEW -j DROP # BLOCK NEW TCP CONNECTIONS
+ iptables -A INPUT -p tcp -m state --state NEW -j DROP
########### LOG/DROP SSH AND SENDMAIL ##############
# NOTE(review): with the NEW-TCP DROP above in place and RELATED/ESTABLISHED
# already accepted earlier, effectively only INVALID-state packets to ports
# 22 and 25 can reach these four rules, so the "LOG SSH ATTEMPTS" entries are
# unlikely to appear. Note also that dropping all of tcp/22 blocks new SSH
# sessions to this host, including the administrator's own.
iptables -v -A INPUT -p tcp -s 0/0 --dport 22 -j LOG # LOG SSH ATTEMPTS
+ iptables -v -A INPUT -p tcp -s 0/0 --dport 22 -j LOG
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:22 LOG flags 0 level 4
iptables -v -A INPUT -p tcp -s 0/0 --dport 22 -j DROP # BLOCK SSH
+ iptables -v -A INPUT -p tcp -s 0/0 --dport 22 -j DROP
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:22
iptables -v -A INPUT -p tcp -s 0/0 --dport 25 -j LOG # LOG SENDMAIL
+ iptables -v -A INPUT -p tcp -s 0/0 --dport 25 -j LOG
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 LOG flags 0 level 4
iptables -v -A INPUT -p tcp -s 0/0 --dport 25 -j DROP # BLOCK SENDMAIL
+ iptables -v -A INPUT -p tcp -s 0/0 --dport 25 -j DROP
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25
########### INPUT THAT IS NEEDED #################
# The only inbound services meant to be reachable: HTTP on tcp/80 and DNS on
# udp/53 + tcp/53, NEW state only (replies are covered by the ESTABLISHED rule).
# NOTE(review): as appended, these come after the "LOG/DROP NEW CONNECTIONS"
# pair, which already drops every NEW TCP packet, so the tcp/80 and tcp/53
# ACCEPTs are unreachable; only the udp/53 ACCEPT is effective. This section
# must be appended before the NEW-TCP drop rules to work as intended.
iptables -v -A INPUT -m state -m tcp --proto tcp --dport 80 --state NEW -j ACCEPT; # HTTP
+ iptables -v -A INPUT -m state -m tcp --proto tcp --dport 80 --state NEW -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state NEW tcp dpt:80
iptables -v -A INPUT -m state -m udp --proto udp --dport 53 --state NEW -j ACCEPT; # DNS
+ iptables -v -A INPUT -m state -m udp --proto udp --dport 53 --state NEW -j ACCEPT
ACCEPT udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state NEW udp dpt:53
iptables -v -A INPUT -m state -m tcp --proto tcp --dport 53 --state NEW -j ACCEPT; # DNS
+ iptables -v -A INPUT -m state -m tcp --proto tcp --dport 53 --state NEW -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state NEW tcp dpt:53
########### BLOCK SYN FLOOD ######################
# `! --syn -m state --state NEW` matches a NEW connection whose first packet is
# not a plain SYN (stealth/malformed traffic rather than a SYN flood as such).
# NOTE(review): the all-NEW-TCP DROP earlier in the chain already discards
# these packets, so this pair only does anything once that pair is moved or
# removed. The LOG rule is rate-limited (5/min, burst 7) while the DROP is
# not — that is the right shape, and the unlimited LOG rules earlier in the
# script would benefit from the same `-m limit`. These rules are `-i eth0`
# only; other interfaces fall through to the chain policy.
iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "SYN DROP"
+ iptables -A INPUT -i eth0 -p tcp '!' --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix 'SYN DROP'
iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP
+ iptables -A INPUT -i eth0 -p tcp '!' --syn -m state --state NEW -j DROP
########### DENY FRAGMENT PACKETS ###############
# NOTE(review): per iptables(8), `-f` matches only the second and further
# fragments (the first fragment carries the headers and is matched by the
# normal rules) — confirm that is the intended scope before relying on it.
iptables -A INPUT -i eth0 -f -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "FRAG DROP"
+ iptables -A INPUT -i eth0 -f -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix 'FRAG DROP'
iptables -A INPUT -i eth0 -f -j DROP
+ iptables -A INPUT -i eth0 -f -j DROP
########### DROPS BAD PACKETS ###############
# Invalid TCP flag combinations, eth0 only; LOG rules use `-m limit` so a scan
# cannot flood the log. The two commented-out rules below are duplicated by the
# live ALL/ALL and ALL/NONE rules further down and can be deleted.
# NOTE(review): the log prefixes do not line up with the patterns: the rule
# matching FIN,URG,PSH (the pattern usually called "xmas") is unlabelled and
# drops silently, while the SYN+FIN rule is the one logged as "XMAS DROP".
# Harmless for filtering, but misleading when reading /var/log/iptables.log.
#iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
#iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
+ iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP
+ iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "NULL DROP"
+ iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix 'NULL DROP'
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP # NULL packets
+ iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+ iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "XMAS DROP"
+ iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix 'XMAS DROP'
iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP # SYN+FIN set together (logged above as "XMAS DROP")
+ iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "FIN DROP"
+ iptables -A INPUT -i eth0 -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix 'FIN DROP'
iptables -A INPUT -i eth0 -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans
+ iptables -A INPUT -i eth0 -p tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
+ iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
########### LIMIT PING ATTEMPTS ###################
# NOTE(review): this section and the next contradict each other. The
# rate-limited ACCEPT below is immediately followed by an unconditional
# `-p icmp -j ACCEPT`, so ICMP above the 1/s limit is accepted anyway, and the
# `--icmp-type echo-request -j DROP` after that can never match (the trace shows
# it installed, but nothing reaches it). Pick one behaviour: to rate-limit ping,
# keep the limited ACCEPT, delete the blanket ACCEPT and keep the echo-request
# DROP as the fall-through; to block ping entirely, put the DROP first.
iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT
+ iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT
########### BLOCK CERTAIN ICMP ###################
iptables -v -A INPUT -p icmp -j ACCEPT # ACCEPT ICMP PACKETS
+ iptables -v -A INPUT -p icmp -j ACCEPT
ACCEPT icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
iptables -v -A INPUT -p icmp --icmp-type echo-request -j DROP # BLOCK ICMP ECHO
+ iptables -v -A INPUT -p icmp --icmp-type echo-request -j DROP
DROP icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 icmp type 8
########## PORTSCAN RULE SETUP ###################
# NOTE(review): the `port-scan` chain is created and populated, but no rule in
# INPUT ever jumps to it (there is no `-j port-scan` anywhere in the script),
# so its three rules never run. A jump such as
# `iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j port-scan`
# is needed before the final REJECT for this section to have any effect.
# The "Chain already exists" error is expected on re-runs because `-F` does
# not delete user chains; either `-X port-scan` after the flush or tolerate
# the error with `iptables -N port-scan 2>/dev/null || true`.
iptables -N port-scan # BEGIN PORTSCAN RULES
+ iptables -N port-scan
iptables: Chain already exists.
# Within the limit, RETURN back to INPUT; above 1/s the packet is logged and dropped.
iptables -A port-scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN #BLOCK PSCAN
+ iptables -A port-scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
iptables -A port-scan -j LOG --log-level 4 --log-prefix "PORT SCAN" # LOG PORT SCAN
+ iptables -A port-scan -j LOG --log-level 4 --log-prefix 'PORT SCAN'
iptables -A port-scan -j DROP # DROP PORT SCAN
+ iptables -A port-scan -j DROP
# Anything not accepted above is rejected with ICMP port-unreachable; the DROP
# policy on INPUT is therefore only reached by packets appended after this rule.
iptables -v -A INPUT -j REJECT; # REJECT EVERYTHING ELSE
+ iptables -v -A INPUT -j REJECT
REJECT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 reject-with icmp-port-unreachable
######## OUTPUT FOR SERVICES NEEDED ########
# NOTE(review): `-A OUTPUT -o eth0 -j ACCEPT` (third rule below) accepts every
# packet leaving on eth0, so the per-port ACCEPT rules that follow (80, 443,
# 445, 53, 5222, 5050, 6667, 7777) and the final `-j REJECT` are dead for eth0
# traffic — no egress filtering actually takes place, and with the OUTPUT
# policy at ACCEPT the chain is permissive on every other interface as well.
# If the per-port allow-list is the intent: delete the `-o eth0` rule, set
# `-P OUTPUT DROP`, and add `-m state --state RELATED,ESTABLISHED -j ACCEPT`
# near the top so replies to the inbound HTTP/DNS connections can leave.
iptables -v -P OUTPUT ACCEPT # Default Policy Accept
+ iptables -v -P OUTPUT ACCEPT
iptables -v -A OUTPUT -o lo -j ACCEPT;
+ iptables -v -A OUTPUT -o lo -j ACCEPT
ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
iptables -v -A OUTPUT -o eth0 -j ACCEPT;
+ iptables -v -A OUTPUT -o eth0 -j ACCEPT
ACCEPT all opt -- in * out eth0 0.0.0.0/0 -> 0.0.0.0/0
iptables -v -A OUTPUT -m tcp --proto tcp --dport 80 -j ACCEPT; # HTTP
+ iptables -v -A OUTPUT -m tcp --proto tcp --dport 80 -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:80
iptables -v -A OUTPUT -m tcp --proto tcp --dport 443 -j ACCEPT; # HTTPS
+ iptables -v -A OUTPUT -m tcp --proto tcp --dport 443 -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:443
iptables -v -A OUTPUT -m tcp --proto tcp --dport 445 -j ACCEPT; # SMB
+ iptables -v -A OUTPUT -m tcp --proto tcp --dport 445 -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:445
iptables -v -A OUTPUT -m tcp --proto tcp --dport 53 -j ACCEPT; # DNS
+ iptables -v -A OUTPUT -m tcp --proto tcp --dport 53 -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:53
iptables -v -A OUTPUT -m udp --proto udp --dport 53 -j ACCEPT; # DNS
+ iptables -v -A OUTPUT -m udp --proto udp --dport 53 -j ACCEPT
ACCEPT udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:53
iptables -v -A OUTPUT -m tcp --proto tcp --dport 5222 -j ACCEPT; #Google Talk or Jabber
+ iptables -v -A OUTPUT -m tcp --proto tcp --dport 5222 -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:5222
iptables -v -A OUTPUT -m tcp --proto tcp --dport 5050 -j ACCEPT; #Yahoo
+ iptables -v -A OUTPUT -m tcp --proto tcp --dport 5050 -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:5050
iptables -v -A OUTPUT -m tcp --proto tcp --dport 6667 -j ACCEPT; #IRC
+ iptables -v -A OUTPUT -m tcp --proto tcp --dport 6667 -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:6667
iptables -v -A OUTPUT -m tcp --proto tcp --dport 7777 -j ACCEPT; #Jabber file Transfers
+ iptables -v -A OUTPUT -m tcp --proto tcp --dport 7777 -j ACCEPT
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:7777
# Intended catch-all for outbound traffic; see the note at the top of this section.
iptables -v -A OUTPUT -j REJECT;
+ iptables -v -A OUTPUT -j REJECT
REJECT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 reject-with icmp-port-unreachable
######### DEFAULT DROPS #######
# This host does not route: FORWARD defaults to DROP and additionally rejects
# anything that reaches the chain.
iptables -v -P FORWARD DROP # Default Policy DROP
+ iptables -v -P FORWARD DROP
iptables -v -A FORWARD -j REJECT;
+ iptables -v -A FORWARD -j REJECT
REJECT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 reject-with icmp-port-unreachable
######### IPTABLES SAVE ##################
# NOTE(review): writing the dump to the fixed path /tmp/iptables as root and
# reading it straight back with `iptables-restore` is the predictable-temp-file
# pattern: a symlink pre-placed at that path makes root overwrite whatever it
# points to, and a race between the write and the read could feed
# `iptables-restore` a different rule set. The round trip is also a no-op —
# the rules are already loaded — and persistence is done by the
# `/etc/init.d/iptables save` line. Remove the two /tmp lines, or if a dump
# file is wanted create it with `mktemp` and restrictive permissions.
iptables-save > /tmp/iptables;
+ iptables-save
iptables-restore < /tmp/iptables;
+ iptables-restore
/etc/init.d/iptables save
+ /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
As for rsyslog.conf:
cat /etc/rsyslog.conf
#rsyslog v3 config file
# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance
#### MODULES ####
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
#$ModLoad immark.so # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
kern.* /var/log/iptables.log
The rest of rsyslog.conf is unchanged; the only line I edited is the `kern.* /var/log/iptables.log` line.
Thank you again for your response.