2.23. Logging Simplified
Problem
You want your firewall to log and drop certain packets.
Solution
For iptables, create a new rule chain that logs and drops in sequence:
# iptables -N LOG_DROP
# iptables -A LOG_DROP -j LOG --log-level warning --log-prefix "dropped" -m limit
# iptables -A LOG_DROP -j DROP
Then use it as a target in any relevant rules:
# iptables ...specification... -j LOG_DROP
For ipchains:
# ipchains ...specification... -l -j DROP
Discussion
iptables’s LOG target causes the kernel to log packets that match your given specification. The --log-level option sets the syslog level [Recipe 9.27] for these log messages and --log-prefix adds an identifiable string to the log entries. The further options --log-tcp-sequence, --log-tcp-options, and --log-ip-options affect the information written to the log; see iptables(8).
LOG is usually combined with the limit module (-m limit) to limit the number of redundant log entries made per time period, to prevent flooding your logs. You can accept the defaults (3 per hour, in bursts of at most 5 entries) or tailor them with --limit and --limit-burst, respectively.
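As an added example (not from the book), the following script builds the same LOG_DROP chain with explicit --limit and --limit-burst values, uses it from an INPUT rule, and then summarises the kernel log lines the LOG target produces, counting drops per source and destination port. The IPT variable, the port 23 rule, and the sample log lines are assumptions constructed for the example; IPT defaults to "echo iptables" so the script runs as a dry run, and setting IPT=iptables as root applies the rules.

```shell
#!/bin/sh
# Added example: LOG_DROP chain with tailored rate limits, plus a summary of the
# resulting log entries. IPT="echo iptables" by default (dry run); set IPT=iptables
# and run as root to actually install the rules.
IPT="${IPT:-echo iptables}"

# Create the chain: at most 10 log entries per minute (burst of 20), prefixed
# "dropped: " at syslog level warning, followed by an unconditional DROP.
build_log_drop_chain() {
    $IPT -N LOG_DROP
    $IPT -A LOG_DROP -m limit --limit 10/minute --limit-burst 20 \
         -j LOG --log-level warning --log-prefix "dropped: "
    $IPT -A LOG_DROP -j DROP
}

# Use the chain as a target (assumed rule): log and drop new TCP connections to telnet.
use_log_drop_chain() {
    $IPT -A INPUT -p tcp --dport 23 --syn -j LOG_DROP
}

# Constructed sample of what the LOG target writes via syslog; the last line is an
# unrelated entry that the summary must ignore.
SAMPLE_LOG='Mar  1 10:00:01 host kernel: dropped: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=23 SYN
Mar  1 10:00:02 host kernel: dropped: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=23 SYN
Mar  1 10:00:03 host kernel: dropped: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=48 TTL=52 PROTO=UDP SPT=5353 DPT=161
Mar  1 10:00:04 host sshd[123]: Accepted publickey for alice from 192.0.2.99'

# Read log lines on stdin, keep only those carrying the given --log-prefix, and
# print "count SRC DPT" sorted by count, most frequent first.
summarize_drops() {
    awk -v pfx="$1" '
        index($0, "kernel: " pfx) {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "") n[src " " dpt]++
        }
        END { for (k in n) print n[k], k }' | sort -rn
}

build_log_drop_chain
use_log_drop_chain
printf '%s\n' "$SAMPLE_LOG" | summarize_drops "dropped:"
```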
ipchains has much simpler logging: just add the -l option to the relevant rules.
See Also
iptables(8), ipchains(8).