* Re: Logging NEW ssh connections
[not found] <3A5DC36EC1506C40825C05BE65E62AEF0E79B7@neptuno.idea.com.mx>
@ 2002-05-31 7:55 ` Damijan Sencar
0 siblings, 0 replies; only message in thread
From: Damijan Sencar @ 2002-05-31 7:55 UTC (permalink / raw)
To: netfilter
It works now!
Thanx,
Damijan
Omar Castaneda Acosta wrote:
>Make these changes to your firewall script:
>
>if [ -n "`$IPTABLES -L | $GREP log-and-forget`" ]; then
> $IPTABLES -F log-and-forget
>fi
>
>....
>
>$IPTABLES -N log-and-forget
>$IPTABLES -A log-and-forget -j LOG --log-level warning --log-prefix
>"[WARNING] "
>$IPTABLES -A log-and-forget -j RETURN
>
># The next rules should be on the top of INPUT, FORWARD and OUTPUT
>chains
>
>$IPTABLES -A INPUT -p TCP -dport 22 -m state -state NEW -j
>log-and-forget
>$IPTABLES -A FORWARD -p TCP -dport 22 -m state -state NEW -j
>log-and-forget
>$IPTABLES -A OUTPUT -p TCP -dport 22 -m state -state NEW -j
>log-and-forget
>
>
>-----Original Message-----
>From: Damijan Sencar [mailto:damijan.sencar@zrs-tk.si]
>Sent: Thursday, May 30, 2002 7:13 AM
>To: netfilter@lists.samba.org
>Subject: Logging NEW ssh connections
>
>Hi!
>
>I want to log all new ssh connections from Internet to syslogd. I added
>chain as follows but it doesn't log anything.
>
>$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -m state --state NEW
>-j LOG --log-level DEBUG --log-prefix "NEW SSH IN
> logged"
>$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
>
>
>However it works (logs all packets to syslogd) if I change state from
>NEW to ESTABLISHED. What could be wrong there?
>
>Thanx,
>
>Damijan
>
>
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2002-05-31 7:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <3A5DC36EC1506C40825C05BE65E62AEF0E79B7@neptuno.idea.com.mx>
2002-05-31 7:55 ` Logging NEW ssh connections Damijan Sencar
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.