Quote:
Originally Posted by GhostCow
restart syslog and check again
don't forget, syslog MUST BE RESTARTED AFTER INITIALIZING LOG RULE
Insert this chain:
# Create chain which blocks new connections, except if coming from inside.
# ----------------------------------------------------------
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept new connections only if they do NOT arrive on eth0 (the outside interface).
# "! -i eth0" is the current negation syntax; older "-i ! eth0" still works but is deprecated.
iptables -A block -m state --state NEW ! -i eth0 -j ACCEPT
# Everything else is logged, then dropped by the very next rule.
iptables -A block -j LOG --log-prefix "DROP UNTRUSTED NETWORKS "
iptables -A block -j DROP
# Hook the chain into INPUT so incoming traffic is actually evaluated by it.
iptables -A INPUT -j block
Then I edited /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.* /var/log/firewall.log
You can also add the log file to logrotate.d so it will not accumulate. Don't forget to restart syslog.
Give me an IP address and a port number and I'll try to access your server (using ssh). You should be able to watch the attempts come in and being blocked. Pick a weird port number - perhaps 7890.
Happy to try if you want me to. Email me if you don't want to post an IP address.
the e-mail is there
but which code in this line would say that it's blocked?
example:
May 1 11:22:55 office kernel: IN=eth1 OUT=eth0 SRC=10.0.0.200 DST=77.30.124.216 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13237 DF PROTO=TCP SPT=1416 DPT=222 WINDOW=16384 RES=0x00 SYN URGP=0
The log doesn't and won't tell you that it has been blocked. You have to assume that from the fact that the next target/rule after your log target is your DROP rule.
All you can assume from the message in your log file is that this packet has reached your LOG rule in the IP table.
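As an added illustration of that point (example code, not from this thread): a small parser that reads iptables LOG lines from syslog and infers the verdict from the --log-prefix, on the assumption, matching the block chain posted above, that the LOG rule is immediately followed by DROP. The line quoted above carries no prefix at all, so it was not written by that LOG rule and the parser reports its verdict as unknown.

```python
import re

# Verdict implied by each --log-prefix: in the "block" chain posted above the LOG
# rule is immediately followed by DROP, so that prefix means "dropped".
# (Assumed mapping; adjust it to the rule order of your own chain.)
PREFIX_VERDICT = {"DROP UNTRUSTED NETWORKS": "DROP"}

# Kernel message written by the LOG target: "<prefix>IN=... OUT=... SRC=... ..."
KERNEL_MSG = re.compile(r"kernel:\s*(?P<prefix>.*?)\s*IN=(?P<rest>.*)$")

def parse_iptables_log(line):
    """Return the key=value fields, the prefix and the inferred verdict of one
    iptables LOG line, or None if the line is not an iptables LOG message."""
    m = KERNEL_MSG.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for token in ("IN=" + m.group("rest")).split():
        if "=" in token:
            k, v = token.split("=", 1)   # OUT= with an empty value is valid
            fields[k] = v
        else:
            flags.append(token)          # bare flags such as DF, SYN, ACK
    prefix = m.group("prefix").strip()
    return {"prefix": prefix, "verdict": PREFIX_VERDICT.get(prefix, "UNKNOWN"),
            "flags": flags, **fields}

def summarize(lines):
    """(SRC, DPT, verdict) for every iptables LOG line; other lines are skipped."""
    rows = []
    for line in lines:
        rec = parse_iptables_log(line)
        if rec:
            rows.append((rec["SRC"], rec["DPT"], rec["verdict"]))
    return rows

# Constructed samples: the unprefixed line quoted in the thread, a line as the
# posted "block" chain would write it, and an unrelated kernel message.
SAMPLES = [
    "May 1 11:22:55 office kernel: IN=eth1 OUT=eth0 SRC=10.0.0.200 DST=77.30.124.216 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13237 DF PROTO=TCP SPT=1416 DPT=222 WINDOW=16384 RES=0x00 SYN URGP=0",
    "May 1 11:23:01 office kernel: DROP UNTRUSTED NETWORKS IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=51234 DPT=7890 WINDOW=29200 RES=0x00 SYN URGP=0",
    "May 1 11:23:02 office kernel: eth0: link up",
]

if __name__ == "__main__":
    for src, dport, verdict in summarize(SAMPLES):
        print(f"{src} -> port {dport}: {verdict}")
```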