From: "Juliano Murlick"
Subject: Please ... how can i log all packets dropped ?
Date: Sat, 19 Jul 2003 14:38:01 -0300
To: netfilter@lists.netfilter.org

Hello all,

I need to log all packets dropped on my firewall. How can I do it? I know how to log all that I accept, like this:

iptables -A FORWARD -p tcp -s $REDELOCAL --sport 1024:65535 -d $SSHSRV --dport 22 -j LOG
iptables -A FORWARD -p tcp -s $REDELOCAL --sport 1024:65535 -d $SSHSRV --dport 22 -j ACCEPT

I will LOG all packets from the ssh connection, but I don't know how to log all dropped packets. My default policy is DROP:

iptables -P FORWARD DROP

Please, if anyone knows it, tell me ....

Thanks in advance!

Regards,
Juliano Murlick

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.500 / Virus Database: 298 - Release Date: 10/7/2003


From: "David Busby"
Subject: Re: Please ... how can i log all packets dropped ?
Date: Sat, 19 Jul 2003 12:49:39 -0700
Message-ID: <007c01c34e2e$e42aacd0$1100000a@busbydev>
To: jmurlick@sicredi.com.br, netfilter@lists.netfilter.org

At the end of the rules say -j LOG; any packet that makes it that far will then be dropped by the policy.


From: "Juliano Murlick"
Subject: RE: Please ... how can i log all packets dropped ?
Date: Sat, 19 Jul 2003 18:01:55 -0300
In-Reply-To: <007c01c34e2e$e42aacd0$1100000a@busbydev>
To: netfilter@lists.netfilter.org

I don't understand ... I can't do something like this:

iptables -P FORWARD -j LOG

Do I have to write a rule for any kind of packet that I want to log?

Regards,
Juliano Murlick
SICREDI Serviços - Tecnologia
jmurlick@sicredi.com.br
(51) 3358-4977 / (51) 9951-3888

-----Original Message-----
From: David Busby [mailto:busby@pnts.com]
Sent: Saturday, 19 July 2003 16:50
To: jmurlick@sicredi.com.br; netfilter@lists.netfilter.org

At the end of the rules say -j LOG; any packet that makes it that far will then be dropped by the policy.


From: Ramin Dousti
Subject: Re: Please ... how can i log all packets dropped ?
Date: Sat, 19 Jul 2003 18:05:31 -0400
Message-ID: <20030719220531.GA3868@cannon.eng.us.uu.net>
To: Juliano Murlick
Cc: netfilter@lists.netfilter.org

On Sat, Jul 19, 2003 at 02:38:01PM -0300, Juliano Murlick wrote:

> Hello all,
> I need to log all packets dropped on my firewall. How can I do it? I know how
> to log all that I accept, like this:

If I understand your question correctly:
If you want to log the dropped packets only, then you must allow the ones you want at the beginning of your rule set, and the very last rule (right before the default DROP policy) must be LOG.

Ramin


From: "Juliano Murlick"
Subject: RE: Please ... how can i log all packets dropped ?
Date: Mon, 21 Jul 2003 09:44:49 -0300
In-Reply-To: <20030719220531.GA3868@cannon.eng.us.uu.net>
To: 'Ramin Dousti', netfilter@lists.netfilter.org

Maybe I asked my question wrong ... Sorry.
I want to LOG all dropped packets, but I don't want to write one rule for each port or kind of packet. My rules script is like this:

##########################################################
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -P FORWARD -p tcp -s $REDELOCAL -d 200.228.185.225 --dport 25 -j ACCEPT
iptables -P FORWARD -p tcp -s $REDELOCAL -d 200.228.185.225 --dport 110 -j ACCEPT
##########################################################

Now, I want to LOG all dropped packets; everyone that tries to access another IP address or port must be logged. How can I do it?

Regards,
Juliano Murlick
SICREDI Serviços - Tecnologia
jmurlick@sicredi.com.br
(51) 3358-4977 / (51) 9951-3888


From: Ramin Dousti
Subject: Re: Please ... how can i log all packets dropped ?
Date: Mon, 21 Jul 2003 10:29:33 -0400
Message-ID: <20030721142933.GB17849@cannon.eng.us.uu.net>
To: Juliano Murlick
Cc: 'Ramin Dousti', netfilter@lists.netfilter.org

On Mon, Jul 21, 2003 at 09:44:49AM -0300, Juliano Murlick wrote:

> Maybe I asked my question wrong ... Sorry.
> I want to LOG all dropped packets, but I don't want to write one rule for each port
> or kind of packet. My rules script is like this:
>
> ##########################################################
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> iptables -P FORWARD -p tcp -s $REDELOCAL -d 200.228.185.225 --dport 25 -j ACCEPT
> iptables -P FORWARD -p tcp -s $REDELOCAL -d 200.228.185.225 --dport 110 -j ACCEPT

Add this here:

iptables -A FORWARD -j LOG --log-level alert

Also, the two lines above must be "-A" and not "-P". So it becomes:

------------------------------
iptables -P FORWARD DROP
iptables -A FORWARD -p tcp -s $REDELOCAL -d 200.228.185.225 --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s $REDELOCAL -d 200.228.185.225 --dport 110 -j ACCEPT
iptables -A FORWARD -j LOG --log-level alert
------------------------------

This will only log the unwanted traffic in the FORWARD chain. If you want other chains to log, add something like this to the end of those chains.

Ramin

> ##########################################################
>
> Now, I want to LOG all dropped packets; everyone that tries to access another IP
> address or port must be logged. How can I do it?
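Why Ramin's layout logs exactly the dropped traffic, and why Juliano's first attempt (a LOG rule placed before its ACCEPT) logs accepted traffic as well, as an added illustration that is not part of the thread: a toy Python model of how a chain is walked, where LOG is non-terminating and the policy applies only when no ACCEPT or DROP rule matched. The 192.168.10.0/24 value stands in for the thread's $REDELOCAL and the `--log-prefix` string is an assumption (it is a real LOG option, not one the thread uses).

```python
# Added illustration for this thread (not netfilter code): a toy model of how a
# chain is walked, showing why one trailing "-j LOG" rule logs exactly the
# packets the DROP policy will discard. Matching is reduced to proto/src/dst/dport.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

@dataclass
class Rule:
    target: str                  # "ACCEPT", "DROP" or "LOG"
    proto: Optional[str] = None
    src: Optional[str] = None    # CIDR, stands in for the thread's $REDELOCAL
    dst: Optional[str] = None
    dport: Optional[int] = None
    prefix: str = ""             # models --log-prefix on a LOG rule

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport))

def traverse(chain: List[Rule], policy: str, p: Packet) -> Tuple[str, List[str]]:
    """Walk the chain in order. LOG is non-terminating: it emits a line and the
    walk goes on. ACCEPT/DROP end the walk; the policy applies if nothing did."""
    lines = []
    for rule in chain:
        if not rule.matches(p):
            continue
        if rule.target == "LOG":
            lines.append(f"{rule.prefix}SRC={p.src} DST={p.dst} PROTO={p.proto.upper()} DPT={p.dport}")
            continue
        return rule.target, lines
    return policy, lines

REDELOCAL = "192.168.10.0/24"    # constructed value for the thread's $REDELOCAL
MAILSRV = "200.228.185.225"      # destination used in the thread
# Ramin's layout: allow rules first, one unconditional LOG last, policy DROP
FORWARD = [
    Rule("ACCEPT", "tcp", REDELOCAL, MAILSRV, 25),
    Rule("ACCEPT", "tcp", REDELOCAL, MAILSRV, 110),
    Rule("LOG", prefix="FWD-DROP: "),   # iptables -A FORWARD -j LOG --log-prefix "FWD-DROP: "
]
```

Call `traverse(FORWARD, "DROP", packet)` to get the verdict and the log lines a packet would produce; SMTP to the mail server comes back as ACCEPT with no log line, anything else as DROP with exactly one.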