Re: HOWTO: Set a custom firewall (iptables) and Tips
Hi Frodon
In your own script, which I'm following, you create a "Log Chain".
Can you please tell me where I can find all blocked connections (both input and output)?
Or what command should I use in order to see all those blocked connections?
Note: it is very important to be able to check all blocked connections (both input and output), in order to see whether I'm blocking any legitimate traffic and in order to detect any attacks.
cheers
Re: HOWTO: Set a custom firewall (iptables) and Tips
I don't think the log will help you because it is a really, really huge log; in my script I don't use log generation because it takes resources to create a log I don't need.
To generate the log, replace all the DROP commands you want a log for with the LOG_DROP chain instead. Then open the /etc/syslog.conf file and add this at the bottom:
Code:
#IPTables logging
kern.debug;kern.info /var/log/firewall
And restart the log daemon :
Code:
sudo /etc/init.d/sysklogd restart
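Once the LOG_DROP lines land in /var/log/firewall, the remaining question from the first post is what command turns that "really huge log" into something readable. The script below is an added example, not part of Frodon's HOWTO or of any script posted in this thread: it summarises iptables LOG lines by direction, protocol, source, destination and destination port, and flags sources that were blocked on many distinct ports. The host name, addresses and log lines are constructed for this example; the "[IPTABLES DROP] : " prefix is the one the LOG_DROP chain in this thread uses, and the only tools needed are awk and sort.

```shell
#!/bin/sh
# Added example, not part of Frodon's HOWTO: summarise the iptables LOG lines
# that end up in /var/log/firewall (or /var/log/messages, depending on your
# syslog.conf). All host names, addresses and log lines below are constructed.

# Constructed sample of what the kernel writes for each packet hitting a LOG
# target: IN= is set for inbound packets, OUT= for outbound ones.
sample_log() {
    cat <<'EOF'
Mar 10 12:00:01 myhost kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:1a:2b:3c:4d:5e:08:00 SRC=203.0.113.7 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 12:00:04 myhost kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:1a:2b:3c:4d:5e:08:00 SRC=203.0.113.7 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1235 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 12:00:09 myhost kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:1a:2b:3c:4d:5e:08:00 SRC=203.0.113.7 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1236 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 12:00:15 myhost kernel: [IPTABLES DROP] : IN= OUT=eth0 SRC=192.168.1.2 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=777 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 12:00:18 myhost kernel: [IPTABLES DROP] : IN= OUT=eth0 SRC=192.168.1.2 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=778 DF PROTO=TCP SPT=40001 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 12:00:20 myhost kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:1a:2b:3c:4d:5e:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Mar 10 12:00:30 myhost kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:1a:2b:3c:4d:5e:08:00 SRC=198.51.100.99 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9001 PROTO=TCP SPT=61000 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 12:00:30 myhost kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:1a:2b:3c:4d:5e:08:00 SRC=198.51.100.99 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9002 PROTO=TCP SPT=61000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 12:00:31 myhost kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:1a:2b:3c:4d:5e:08:00 SRC=198.51.100.99 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9003 PROTO=TCP SPT=61000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 12:00:31 myhost kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:1a:2b:3c:4d:5e:08:00 SRC=198.51.100.99 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9004 PROTO=TCP SPT=61000 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
EOF
}

# Usage: summarize_fw_log < /var/log/firewall
# Prints "count direction proto src dst dport", most frequent first, so both
# deliberate blocks and accidentally blocked legitimate traffic stand out.
summarize_fw_log() {
    awk '
    /SRC=/ && /DST=/ {
        dir = "out"; proto = "?"; src = "?"; dst = "?"; dport = "-"
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue          # skip tokens such as "DF" or "SYN"
            if (kv[1] == "IN" && kv[2] != "") dir = "in"
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "DPT") dport = kv[2]
        }
        count[dir " " proto " " src " " dst " " dport]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Usage: port_scan_suspects [threshold] < /var/log/firewall
# Lists inbound sources blocked on at least <threshold> distinct destination
# ports (default 3), a cheap indicator of a port scan.
port_scan_suspects() {
    awk -v thr="${1:-3}" '
    /SRC=/ && /DST=/ {
        in_if = ""; src = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "IN") in_if = kv[2]
            else if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DPT") dport = kv[2]
        }
        if (in_if != "" && dport != "") seen[src, dport] = 1
    }
    END {
        for (k in seen) { split(k, p, SUBSEP); ports[p[1]]++ }
        for (s in ports) if (ports[s] >= thr) print s, ports[s]
    }
    ' | sort
}

# Demo on the constructed sample; on a real box feed /var/log/firewall instead.
sample_log | summarize_fw_log
sample_log | port_scan_suspects 3
```

On the sample, the top line is the repeated SSH probe, the outbound 443 lines are the kind of "legitimate traffic I'm blocking" the first post worries about, and 198.51.100.99 is reported as a scan suspect because it was blocked on four different ports. If you send the log to /var/log/messages instead, filter first: `grep 'IPTABLES DROP' /var/log/messages | summarize_fw_log`.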
Re: HOWTO: Set a custom firewall (iptables) and Tips
Thank you for your answer.
I'm struggling with this issue, but I still can't log any iptables messages.
I would like all blocked connections to be logged to /var/log/messages.
Perhaps the problem lies in the firewall script.
In order to try logging all blocked (dropped) connections I have been using the following entries in my firewall script:
#iptables -N LOG_DROP
#iptables -A LOG_DROP -j LOG --log-prefix '[IPTABLES DROP] : '
#iptables -A LOG_DROP -j DROP
Do you think there's something wrong with these entries? They are the only ones I use in order to try to log all blocked (dropped) connections to /var/log/messages.
Have a nice day.
Re: HOWTO: Set a custom firewall (iptables) and Tips
Uncomment the lines (remove the # character) to allow the LOG_DROP chain creation, and replace "DROP" with "LOG_DROP" everywhere you put it, so the packets will be sent through the LOG_DROP chain instead of the DROP chain directly.
Re: HOWTO: Set a custom firewall (iptables) and Tips
Thanks for your reply.
I know what the "#" character means and does. I tested the script without the "#". But because it didn't work I commented those lines out. So when pasting the rules here, with the # character, I made a mistake. Sorry. :)
My intention is to know when something gets blocked against my will.
If I replace DROP with LOG_DROP, only the connections I decided on purpose to block will be logged.
So, in the meantime I think I found a way to get what I want:
iptables -A INPUT -j LOG --log-prefix "In" --log-level 4 --log-tcp-options --log-ip-options
iptables -A OUTPUT -j LOG --log-prefix "Out" --log-level 4 --log-tcp-options --log-ip-options
These rules seem to work. I hope they don't introduce any security risks...
Cheers
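A variant of the LOG_DROP chain that can be left switched on, as an added example that is not part of the HOWTO or of any post above: the LOG rule is rate limited with `-m limit`, which keeps the log from growing into the "really huge log" mentioned earlier (the limit only affects what is logged; the DROP still applies to every packet), and the chain is appended as the last rule of INPUT and OUTPUT, so every packet that no earlier rule accepted is logged and dropped whether the block was intended or not, without editing every explicit DROP. `--log-level 4` is priority warning, which the `kern.debug` selector in the syslog.conf line above already routes to /var/log/firewall. The prefix, limit and burst values are choices made for this example; the script only prints the commands unless you run it as root with `IPT=iptables`.

```shell
#!/bin/sh
# Added example, not part of the HOWTO: a rate-limited LOG_DROP chain used as
# the catch-all at the end of INPUT and OUTPUT. Dry run by default (commands are
# printed). Apply for real as root with:  IPT=iptables sh this_script.sh
IPT="${IPT:-echo iptables}"

setup_log_drop() {
    # Create LOG_DROP (or empty it if it already exists), then:
    # 1. log at most 5 packets per minute, with a burst of 10, under a prefix
    #    that is easy to grep for; level 4 = warning (kern.warn)
    # 2. drop the packet, whether or not it was logged
    $IPT -N LOG_DROP 2>/dev/null || $IPT -F LOG_DROP
    $IPT -A LOG_DROP -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "[IPTABLES DROP] : " --log-level 4
    $IPT -A LOG_DROP -j DROP
}

install_catch_all() {
    # Append LOG_DROP as the last rule of INPUT and OUTPUT. Run this after all
    # ACCEPT rules are in place: anything that reaches the end of a chain,
    # intended or not, is logged and dropped, so explicit DROP rules elsewhere
    # do not need to be edited.
    for chain in INPUT OUTPUT; do
        $IPT -A "$chain" -j LOG_DROP
    done
}

setup_log_drop
install_catch_all
```

Because the limit is per rule, a flood only produces a sample of log lines rather than one per packet; if you want every blocked packet recorded regardless of volume, remove the `-m limit` match and expect the log size the earlier reply warns about.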
Re: HOWTO: Set a custom firewall (iptables) and Tips
I installed your scripts and after starting the firewall I could not log in to my ftp server. After running the 'flush' script I could. Darn.
Re: HOWTO: Set a custom firewall (iptables) and Tips
Which port does your ftp server use, juantao?
If needed, attach your ftp server configuration file in your next post.
Re: HOWTO: Set a custom firewall (iptables) and Tips
I have been using Ubuntu for a month now. I used your firewall script today and it worked excellently. Thank you! I have one problem though. I use an ADSL connection and my NIC is configured to get an address automatically via the DHCP server when the modem is switched on. Now, when the firewall is running and I put 192.168.1.1 in my browser's address bar, I cannot get the modem configuration page. It says
Quote:
An error occurred while loading
http://192.168.1.1:
Timeout on server
Connection was to 192.168.1.1 at port 80
but if I stop the firewall, then I can get the usual login page. So what code do I need to put in the script?
I figure it is me requesting a connection to port 80 on IP 192.168.1.1 using the TCP protocol (correct me if I am wrong) via my ethernet card, which is eth0. My internet interface is ppp0. So I should put
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT. Besides this line, the firewall script is exactly as in your example script. What am I doing wrong? :(
BTW, I had the same problem with Firestarter.
Re: HOWTO: Set a custom firewall (iptables) and Tips
If 192.168.1.1 is your modem address and you need to access it often, maybe you could just accept all packets from 192.168.1.1; it would look something like this:
Code:
iptables -A TRUSTED -i eth0 -s 192.168.1.1 -j ACCEPT
Re: HOWTO: Set a custom firewall (iptables) and Tips
Thanks! It worked like a charm :popcorn: