Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Wie Iptables Log-Datei
 View unanswered posts
View posts from last 24 hours
View posts from last 7 days

 
Reply to topic    Gentoo Forums Forum Index Deutsches Forum (German)
View previous topic :: View next topic  
Author Message
SarahS93
l33t
l33t


Joined: 21 Nov 2013
Posts: 693
PostPosted: Sun Nov 02, 2014 8:12 am    Post subject: Wie Iptables Log-Datei Reply with quote
In meinem Iptablesscript habe ich unter anderem diese Zeilen:

Code:
...
$ipt -P INPUT   DROP
$ipt -P OUTPUT  DROP
$ipt -P FORWARD DROP
...
$ipt -A OUTPUT  -j LOG --log-prefix "out: "
$ipt -A FORWARD -j LOG --log-prefix "for: "
$ipt -A INPUT   -j LOG --log-prefix "in_: "
...


Und die entsprechenden Regeln die erlauben was durch darf.

Wie muss ich die Zeilen ändern damit alles was nicht in mein Regelwerk passt in /var/log/iptables.log landet?
Oder muss ich nur in /etc/syslog-ng/syslog-ng.conf etwas ändern/inzufügen?
Blicke da nicht durch :-/
Back to top
View user's profile Send private message
forrestfunk81
Guru
Guru


Joined: 07 Feb 2006
Posts: 565
Location: münchen.de
PostPosted: Tue Nov 04, 2014 3:28 pm    Post subject: Reply with quote
Ich bin auch kein IPTables Profi, aber folgendes funktioniert bei mir:

Erstmal alles erlauben, was man durchlassen will (z.B. ssh):
Code:

iptables -A INPUT -i eth0 -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
...


Neue Chain namens LOGGING anlegen:
Code:

iptables -N LOGGING


Alle nicht explizit freigegebenen Verbindungen an die LOGGING Chain leiten:
Code:
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING


Packete der LOGGING Chain loggen
Code:

iptables -A LOGGING -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7


Packete der LOGGING Chain droppen
Code:

iptables -A LOGGING -j DROP

_________________
# cd /pub/
# more beer
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Deutsches Forum (German) All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy