Re: Firewall activity log -

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Fri, Apr 23, 2010 at 1:10 PM, Bob Goodwin <bobgoodwin@xxxxxxxxxxxx> wrote:

   Through F-11 I ran Firestarter, it is not available for F-12 apparently.

   The attractive thing with firestarter was the log it produced. When
   I had a problem with an application I could look at the log and see
   what the firewall was blocking. How can I do that with the firewall
   provided with F-12. I have an application that doesn't work properly
   with the firewall enabled but is good with it disabled. Obviously I
   would like to know why.

   Any help appreciated.

You'd need to add log rules yourself.  How and where to add them depends
on your current firewall setup.

If you can test your failing application during a time when the network is quiet,
you can start by just looking at the counts to see where packets are being dropped.

For example, on my F12 desktop, I did the following as root.  The first command
zeroes out the counters, the second was done a few seconds later:

# iptables -Z
# iptables --line-number -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination        
1        9  1192 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5        1    97 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination        
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 10 packets, 1868 bytes)
num   pkts bytes target     prot opt in     out     source               destination        

As you can see, in the few seconds between commands, 9 RELATED or
ESTABLISHED packets came in (and were accepted by rule 1).  1 packet was
rejected by rule 5.

If I wanted to get details about the rejected packets, I'd add a log rule just before
the reject rule (DO NOT JUST COPY THIS COMMAND!  Your iptables rules
are probably different.):

  iptables -I INPUT 5 -j LOG --log-prefix "ipables INPUT: "

which would add a non-terminating LOG rule as rule 5 in the INPUT chain,
just before the REJECT (which would become rule 6).  Then you could
scan /var/log/messages for "iptables" entries, each of which would tell you
what type of packet was being rejected, including ip address, protocol and port.
 From that, you could craft an iptables rule to accept it.  I'm assuming that you
do all this from the target F12 system.

As always, be careful!  Learn as much about networking, iptables and the
specific failing app as you can.

Doesn't the failing app's documentation tell you what openings it needs in
the firewall?

--
Dale Dellutri
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux