Further to the question last night on how to both log and drop a packet, it is done with an extra chain. I created a LOGGING chain with a default policy of ACCEPT. The first rule in INPUT was then to jump to LOGGING. Here is what I have (my apologies for any wrapping)
[root@poochie /root]# iptables -N LOGGING
[root@poochie /root]# iptables -A LOGGING -p tcp --dport printer -j LOG
[root@poochie /root]# iptables -I INPUT -j LOGGING
[root@poochie /root]# iptables -L INPUT -v
Chain INPUT (policy ACCEPT 1730617 packets, 454636701 bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  2215 LOGGING    all  --  any    any     anywhere             anywhere
    5   300 REJECT     tcp  --  ppp0   any     anywhere             anywhere             tcp dpt:printer reject-with icmp-port-unreachable
... Telnetted to the printer port from another site ...
[root@poochie /root]# iptables -L INPUT -v
Chain INPUT (policy ACCEPT 1730622 packets, 454636941 bytes)
 pkts bytes target     prot opt in     out     source               destination
   48  2515 LOGGING    all  --  any    any     anywhere             anywhere
    6   360 REJECT     tcp  --  ppp0   any     anywhere             anywhere             tcp dpt:printer reject-with icmp-port-unreachable
/var/log/messages:
Apr 11 09:07:20 poochie kernel: IN=ppp0 OUT= MAC= SRC=204.112.146.80 DST=209.202.29.23 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=11222 DF PROTO=TCP SPT=1254 DPT=515 WINDOW=32120 RES=0x00 SYN URGP=0
Sean
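An added example, not from Sean's post: it goes one step further than his setup by putting LOG and REJECT in the same LOGGING chain (LOG is a non-terminating target, so the next rule still sees the packet), rate-limits the log entries and tags them with a prefix, and includes a small parser for the resulting kernel log lines. It assumes interface ppp0, TCP port 515 and the prefix "LPD-REJECT: "; the IP addresses in the sample line are constructed, and IPT defaults to "echo iptables" so the script only prints the commands unless run as root with IPT=iptables.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: ppp0, port 515,
# prefix "LPD-REJECT: ". IPT defaults to a dry run that prints the commands.
IPT="${IPT:-echo iptables}"
IFACE="${IFACE:-ppp0}"
PORT="${PORT:-515}"
PREFIX="LPD-REJECT: "

# Build a chain that logs and then rejects. LOG does not terminate rule
# traversal, so the REJECT on the following line fires for the same packet.
# The limit match keeps a burst of connection attempts from flooding
# /var/log/messages; the prefix makes the entries easy to grep for.
log_and_reject_rules() {
    $IPT -N LOGGING
    $IPT -A LOGGING -m limit --limit 5/min -j LOG --log-prefix "$PREFIX" --log-level info
    $IPT -A LOGGING -j REJECT --reject-with icmp-port-unreachable
    # Send only the traffic we want logged and rejected into LOGGING
    $IPT -I INPUT -i "$IFACE" -p tcp --dport "$PORT" -j LOGGING
}

# Pull SRC, DST, PROTO and DPT out of a kernel LOG line and print them
# space-separated, e.g. "203.0.113.5 198.51.100.23 TCP 515".
parse_log_line() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC" || kv[1] == "DST" || kv[1] == "PROTO" || kv[1] == "DPT")
                f[kv[1]] = kv[2]
        }
        print f["SRC"], f["DST"], f["PROTO"], f["DPT"]
    }'
}

# Constructed sample line, modelled on the one in the post (addresses are
# documentation ranges, not the real ones).
SAMPLE='Apr 11 09:07:20 poochie kernel: LPD-REJECT: IN=ppp0 OUT= MAC= SRC=203.0.113.5 DST=198.51.100.23 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=11222 DF PROTO=TCP SPT=1254 DPT=515 WINDOW=32120 RES=0x00 SYN URGP=0'

log_and_reject_rules
parse_log_line "$SAMPLE"
```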