I'm still having issues with this.
I am running a (nearly) free install.
Here are my rules:
Code:
#!/bin/sh
# Constants - settings
PUBLIC_INT="[removed]"
CLIENT_INT="[removed]"
LOOPBACK_INT="lo"
SSH_PORT=[removed]
MYSQL_PORT=[removed]
# Flush old rules
sudo ../droprules.sh
echo -n "Setting new rules..."
# Set policies
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Logging chain
iptables -N LOG_DROP
iptables -A LOG_DROP -j LOG --log-tcp-options --log-ip-options --log-prefix "[IPTABLES DROP] : "
iptables -A LOG_DROP -j DROP
# INPUT RULES
# Allow loopback packets
iptables -A INPUT -i $LOOPBACK_INT -j ACCEPT
# Allow packets from established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH packets
iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
# Allow MySQL, through client IP address
iptables -A INPUT -d $CLIENT_INT -p tcp --dport $MYSQL_PORT -j ACCEPT
# Drop anything else
iptables -A INPUT -j LOG_DROP
# FORWARD RULES
# Drop everything
iptables -A FORWARD -j LOG_DROP
# OUTPUT RULES
# Allow loopback traffic
iptables -A OUTPUT -o $LOOPBACK_INT -j ACCEPT
# Allow SSH output traffic
iptables -A OUTPUT -p tcp --sport $SSH_PORT -j ACCEPT
# Allow outward MySQL packets
iptables -A OUTPUT -s $CLIENT_INT -p tcp --sport $MYSQL_PORT -j ACCEPT
# Allow outbound FTP
#iptables -A OUTPUT -p tcp --dport 80 --sport 32768:61000 -j ACCEPT
# Drop everything else
#iptables -A OUTPUT -j DROP
echo "done"
echo "New rules:\n\n"
iptables -v -L
echo "\n"
And here is the contents of my syslogd.conf file:
Code:
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# First some standard logfiles. Log by facility.
#
auth,authpriv.* -/var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* -/var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warning -/var/log/mail.warn
mail.err -/var/log/mail.err
# Logging for INN news system
#
news.crit -/var/log/news/news.crit
news.err -/var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warning;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warning /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warning |/dev/xconsole
It's imperative that I am able to read my iptables logs. I've gone through all of the log files in /var/log and I cannot find anything in there.
I have tried sending some HTTP packets to the server (which are blocked) and these are showing in the IPTABLES status, if I list it.
Where am I going wrong?
I am using Ubuntu 10.04.3 LTS, as a VPS hosted by WizzVPS.
Bookmarks