[Rndtbl] Logging and rejecting with iptables

Sean A. Walberg sean at ertw.com
Wed Apr 11 09:14:23 CDT 2001


Further to the question last night on how to both log and drop a packet,
it is done with an extra chain.  I created a LOGGING chain with a default
policy of ACCEPT.  The first rule in INPUT was then to jump to LOGGING.
Here is what I have (my apologies for any wrapping)

[root at poochie /root]# iptables -N LOGGING
[root at poochie /root]# iptables -A LOGGING -p tcp --dport printer -j LOG
[root at poochie /root]# iptables -I INPUT -j LOGGING
[root at poochie /root]# iptables -L INPUT -v
Chain INPUT (policy ACCEPT 1730617 packets, 454636701 bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  2215 LOGGING    all  --  any    any     anywhere             anywhere
    5   300 REJECT     tcp  --  ppp0   any     anywhere             anywhere           tcp dpt:printer reject-with icmp-port-unreachable

... Telnetted to the printer port from another site ...

[root at poochie /root]# iptables -L INPUT -v
Chain INPUT (policy ACCEPT 1730622 packets, 454636941 bytes)
 pkts bytes target     prot opt in     out     source               destination
   48  2515 LOGGING    all  --  any    any     anywhere             anywhere
    6   360 REJECT     tcp  --  ppp0   any     anywhere             anywhere           tcp dpt:printer reject-with icmp-port-unreachable

/var/log/messages:

Apr 11 09:07:20 poochie kernel: IN=ppp0 OUT= MAC= SRC=204.112.146.80 DST=209.202.29.23 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=11222 DF PROTO=TCP SPT=1254 DPT=515 WINDOW=32120 RES=0x00 SYN URGP=0

Sean

-- 
Sean A. Walberg <sean at ertw.com>              http://www.ertw.com *updated!*
Join the weekly brainbuzz.com Linux newsletter for news and resources!
Send a blank email to: join-linuxnews at list.brainbuzz.com
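The LOG target in the post is non-terminating, so every packet jumped to the LOGGING chain falls back into INPUT (the LOGGING counter rose by 6 while REJECT rose by 1), and the only record of the rejected connection attempt is the kernel line in /var/log/messages. The following parser for that line format is an added example and not part of Sean's post; it turns the key=value fields into a typed record, keeps the bare flag tokens (DF, SYN) separately, handles an optional --log-prefix string, and picks out SYNs to port 515 (the "printer" service, LPD). The sample log is constructed: the first line is the one from the post, the other two are made up.

```python
import re

# Constructed sample: line 1 is the kernel LOG line from the post; line 2 is a
# made-up second attempt at the printer port; line 3 is a non-netfilter message
# of the kind that shares /var/log/messages and must be skipped.
SAMPLE_LOG = """\
Apr 11 09:07:20 poochie kernel: IN=ppp0 OUT= MAC= SRC=204.112.146.80 DST=209.202.29.23 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=11222 DF PROTO=TCP SPT=1254 DPT=515 WINDOW=32120 RES=0x00 SYN URGP=0
Apr 11 09:07:25 poochie kernel: LPD-REJECT: IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=209.202.29.23 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4242 DF PROTO=TCP SPT=33000 DPT=515 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 11 09:08:01 poochie CROND[1234]: (root) CMD (run-parts /etc/cron.hourly)
"""

# syslog timestamp, host, then the kernel's message body
LOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<body>.*)$")

# fields the LOG target prints as decimal integers
INT_FIELDS = ("LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP", "TYPE", "CODE")


def parse_netfilter_log(line):
    """Parse one iptables LOG line into a dict, or return None for other messages."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    body = m.group("body")
    # A --log-prefix string (if any) sits in front of the first IN= token.
    idx = body.find("IN=")
    if idx < 0:
        return None
    rec = {
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "prefix": body[:idx].strip(),
        "flags": [],  # bare tokens such as DF, SYN, ACK
    }
    for tok in body[idx:].split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            rec[key] = val  # OUT= and MAC= are empty for packets arriving on ppp0
        else:
            rec["flags"].append(tok)
    for key in INT_FIELDS:
        if isinstance(rec.get(key), str) and rec[key].isdigit():
            rec[key] = int(rec[key])
    return rec


def printer_syns(lines, port=515):
    """Return (src, dst, spt) for every logged TCP SYN aimed at `port` (515 = LPD/"printer")."""
    hits = []
    for line in lines:
        rec = parse_netfilter_log(line)
        if rec is None:
            continue
        if rec.get("PROTO") == "TCP" and rec.get("DPT") == port and "SYN" in rec["flags"]:
            hits.append((rec["SRC"], rec["DST"], rec["SPT"]))
    return hits


if __name__ == "__main__":
    for src, dst, spt in printer_syns(SAMPLE_LOG.splitlines()):
        print(f"SYN to printer port: {src}:{spt} -> {dst}")
```

Because the post's LOG rule matches only --dport printer, every parsed record here corresponds to one of the REJECTed attempts, which is what makes the counter difference between the two chains easy to reconcile against the log.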