Recipe 2.23 Logging Simplified

2.23.1 Problem

You want your firewall to log and drop certain packets.

2.23.2 Solution

For iptables, create a new rule chain that logs and drops in sequence:

# iptables -N LOG_DROP
# iptables -A LOG_DROP -m limit -j LOG --log-level warning --log-prefix "dropped"
# iptables -A LOG_DROP -j DROP

Then use it as a target in any relevant rules:

# iptables ...specification... -j LOG_DROP

For ipchains:

# ipchains ...specification... -l -j DROP

2.23.3 Discussion

iptables's LOG target causes the kernel to log packets that match your given specification: the entry goes to the kernel log, from where klogd/syslogd write it to the system log. LOG is a non-terminating target; after the entry is written the packet continues to the next rule in the chain, which is why LOG_DROP needs the separate DROP rule after it. The --log-level option sets the syslog level [Recipe 9.27] for these messages, and --log-prefix adds an identifiable string to the log entries (end the prefix with a space, since the kernel prints the packet's IN= field immediately after it). The further options --log-tcp-sequence, --log-tcp-options, and --log-ip-options add TCP sequence numbers, TCP options, and IP options, respectively, to the information written to the log; see iptables(8). Logging TCP sequence numbers is a risk if the log is readable by ordinary users, so leave --log-tcp-sequence off unless you need it.

LOG is usually combined with the limit match (-m limit) to cap the number of log entries made per time period, so that a flood of matching packets cannot fill your logs or the disk they live on. You can accept the defaults (an average of 3 entries per hour, in bursts of at most 5) or tailor them with --limit and --limit-burst, respectively. Because the limit is placed on the LOG rule only, packets that exceed the rate skip the log entry but still fall through to the DROP rule: rate-limiting never lets traffic through, it only hides it from the log. The single limit counts all packets reaching LOG_DROP together, so one noisy source can crowd out entries from others; if that matters, the hashlimit match (-m hashlimit) can keep a separate counter per source address.
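The following script is an added example and is not from the Linux Security Cookbook. It writes the recipe's LOG_DROP chain as an iptables-restore fragment with the limit values spelled out (the defaults of 3/hour and a burst of 5), hooks it up to an assumed rule for inbound telnet, and then shows how to pull fields out of the kernel log entries the LOG target produces. The chain name and prefix are the recipe's; the telnet rule, the field-extraction helpers and the sample log lines are assumptions made for illustration, and the log lines are constructed, not captured.

```shell
#!/bin/sh
# Added example (not the book's own code). Builds the LOG_DROP chain as an
# iptables-restore fragment and parses kernel LOG entries from sample data.
# Assumed: the telnet rule, the helper names, and the constructed log lines.

# Emit the recipe's chain as a filter-table fragment for iptables-restore.
# The limit sits on the LOG rule only: packets over the rate skip the log
# entry but still hit the unconditional DROP. The --log-prefix ends in a
# space because the kernel prints "IN=..." right after the prefix.
log_drop_rules() {
    cat <<'EOF'
*filter
:LOG_DROP - [0:0]
-A LOG_DROP -m limit --limit 3/hour --limit-burst 5 -j LOG --log-level warning --log-prefix "dropped: "
-A LOG_DROP -j DROP
-A INPUT -p tcp --dport 23 -j LOG_DROP
COMMIT
EOF
}

# Constructed sample kernel log entries in the shape the LOG target produces:
# syslog timestamp, "kernel:", the prefix, then KEY=value fields. The last
# line is unrelated kernel noise that the helpers must ignore.
SAMPLE_LOG='Mar  4 10:01:02 fw kernel: dropped: IN=eth0 OUT= MAC=00:16:3e:12:34:56:00:0c:29:ab:cd:ef:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=40123 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  4 10:01:05 fw kernel: dropped: IN=eth0 OUT= MAC=00:16:3e:12:34:56:00:0c:29:ab:cd:ef:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=40124 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  4 10:02:17 fw kernel: dropped: IN=eth0 OUT= MAC=00:16:3e:12:34:56:00:0c:29:ab:cd:ef:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  4 10:02:20 fw kernel: eth0: link up'

# log_field LINE KEY: print the value of the KEY=value field in one entry.
log_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# dropped_by_src [PREFIX]: read log lines on stdin, keep only entries that
# carry PREFIX (default "dropped:"), and print "COUNT SRC" per source
# address, most frequent first. Works on "journalctl -k" or syslog output.
dropped_by_src() {
    prefix=${1:-dropped:}
    grep -F "kernel: $prefix " \
      | sed -n 's/.* SRC=\([^ ]*\).*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# Demo: show the ruleset, then summarise the sample log by source.
log_drop_rules
printf '%s\n' "$SAMPLE_LOG" | dropped_by_src
```

Apply the fragment as root with iptables-restore only as part of your complete filter-table ruleset, since a plain iptables-restore replaces the whole table. Because the limit is shared by every packet reaching LOG_DROP, the per-source counts from dropped_by_src understate traffic once the rate is exceeded; they show who was logged, not everything that was dropped.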

ipchains, the older firewall interface of 2.2 kernels, has much simpler logging: just add the -l option to the relevant rules, and every packet that matches is logged before the rule's target is applied.

2.23.4 See Also

iptables(8), ipchains(8). On current systems the LOG target and the limit match are documented separately in iptables-extensions(8).



Linux Security Cookbook
ISBN: 0596003919
Year: 2006
Pages: 247
