RE: Please ... how can i log all packets dropped ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

 
Maybe I did my question wrong ... Sorry.
I wanna LOG all packet dropped, but I don?t wanna do one rule for each port
or kind of packet, my rule's script is like this:

##########################################################
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -P FORWARD -p tcp -s $REDELOCAL -d 200.228.185.225 --dport 25 -
ACCEPT
iptables -P FORWARD -p tcp -s $REDELOCAL -d 200.228.185.225 --dport 110 -
ACCEPT
##########################################################

Now, i wanna LOG all dropped packets, everyone that try to access other ip
address or port must be log, how can i get it ?


ATs,
Juliano Murlick
SICREDI Serviços - Tecnologia
jmurlick@xxxxxxxxxxxxxx
(51) 3358-4977 / (51) 9951-3888



-----Original Message-----
From: Ramin Dousti [mailto:ramin@xxxxxxxxxxxxxxxxxxxx] 
Sent: sábado, 19 de julho de 2003 19:06
To: Juliano Murlick
Cc: netfilter@xxxxxxxxxxxxxxxxxxx

On Sat, Jul 19, 2003 at 02:38:01PM -0300, Juliano Murlick wrote:

> Hello ALL,
> I need log all packet dropped on my firewall, how can i get it ? I 
> know how log all that i accept, like this:

If I understand your question correctly:
If you want to log the dropped packets only then you must allow the ones you
want in the beginning of your rule set and the very last rule (right before
the default DROP policy) must be LOG.

Ramin

>  
> iptables -A FORWARD -p tcp -s $REDELOCAL --sport 1024:65535 -d $SSHSRV 
> --sport 22 -j LOG iptables -A FORWARD -p tcp -s $REDELOCAL --sport 
> 1024:65535 -d $SSHSRV --sport 22 -j ACCEPT
>  
> i will LOG all packet from ssh connection, but i don't  to log all 
> packet dropped, my default policy is DROP:
>  
> iptables -P FORWARD DROP
>  
> please, if anyone knows it ? tell me ....
>  
>  
> Thanks in advance!
> 
> Att,
> Juliano Murlick
> 
> 
>  
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.500 / Virus Database: 298 - Release Date: 10/7/2003
>  
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.500 / Virus Database: 298 - Release Date: 10/7/2003
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.500 / Virus Database: 298 - Release Date: 10/7/2003
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux