From: Binish A R
Subject: Re: iptables LOG options
Date: Tue, 24 May 2005 09:47:03 +0530
Message-ID: <4292AABF.4060009@poornam.com>
References: <4292A1A7.3020401@poornam.com> <4292A6CF.4020904@rfgt.net>
In-Reply-To: <4292A6CF.4020904@rfgt.net>
To: Robert Vangel
Cc: netfilter@lists.netfilter.org

Robert Vangel wrote:
> Binish A R wrote:
>
>> Hello,
>>
>> I am trying to write my custom firewall rules.
>> I want to drop all outgoing ssh for non-root users and log any such
>> attempts at the same time.
>> I want to log the username trying to do that. What option should I give?
>>
>> The following definitely won't work:
>>
>> iptables -I OUTPUT -p tcp --dport 22 -m owner ! --uid-owner root -j LOG --log-prefix "$USER NO SSH ALLOWED"
>>
>> because the shell expands the $USER variable immediately.
>>
>> Is there any other option to find the value of the owner that gets matched
>> by the rule below?
>>
>> iptables -I OUTPUT -p tcp --dport 22 -m owner ! --uid-owner root
>>
>> Any help is much appreciated.
>>
>> Thanks and Regards,
>>
>> Binish
>
> Make it `--uid-owner ! root' instead of `! --uid-owner root'

iptables -I OUTPUT -p tcp --dport 22 -m owner ! --uid-owner root -j REJECT

is working fine, i.e. it's blocking ssh from non-root users.

What I want is to log the username (uid) trying to do ssh.

Any comments?
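The thread's sticking point is that the shell expands $USER once, when the rule is installed, so a single LOG rule cannot carry a per-packet username. One way around that with only the owner match and the LOG target, as an added example that is not code from the original thread or from the netfilter project: generate one LOG rule per ordinary account, with the username baked into that rule's prefix, in front of the REJECT. The chain name OUT_SSH and the UID range 1000-60000 for human accounts are assumptions; the passwd lines are constructed sample data so the generator runs offline and without root.

```shell
#!/bin/sh
# Added example, not from the original thread. Prints iptables commands that
# log outbound SSH attempts per user before rejecting them. Review the output,
# then run it as root (e.g. `ruleset < /etc/passwd | sh`).
# Assumptions: iptables with the owner match and LOG target; ordinary accounts
# have UIDs in [UID_MIN, UID_MAX] (adjust for your distribution).

UID_MIN=1000
UID_MAX=60000
CHAIN=OUT_SSH        # hypothetical chain name, not from the thread

# Constructed passwd-format sample so the script runs offline.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/sbin/nologin'

# log_prefix NAME: LOG prefix for one user. --log-prefix accepts at most 29
# characters, so a long username is truncated rather than rejected by iptables.
log_prefix() {
    printf '%.29s' "NOSSH user=$1 "
}

# user_rules: read passwd lines on stdin, print one rate-limited LOG rule per
# user whose UID falls within [UID_MIN, UID_MAX]. Each rule matches only that
# UID, so the prefix (expanded once, here) identifies the user in the log.
user_rules() {
    awk -F: -v min="$UID_MIN" -v max="$UID_MAX" '$3 >= min && $3 <= max { print $1 }' |
    while read -r name; do
        printf 'iptables -A %s -m owner --uid-owner %s -m limit --limit 5/min -j LOG --log-prefix "%s"\n' \
            "$CHAIN" "$name" "$(log_prefix "$name")"
    done
}

# ruleset: full command list. Only the first packet of each connection (--syn)
# from a non-root process is diverted into CHAIN, where it is logged under the
# owning user's prefix and then rejected. The owner match is only valid in the
# OUTPUT (and POSTROUTING) path, which is where the jump lives.
ruleset() {
    printf 'iptables -N %s\n' "$CHAIN"
    printf 'iptables -I OUTPUT -p tcp --dport 22 --syn -m owner ! --uid-owner root -j %s\n' "$CHAIN"
    user_rules
    printf 'iptables -A %s -j REJECT --reject-with tcp-reset\n' "$CHAIN"
}

printf '%s\n' "$SAMPLE_PASSWD" | ruleset
```

Because the rules are keyed on UID, a user created after the ruleset was loaded is still rejected by the final rule but only logged without a name, so regenerate the chain whenever accounts change. Before building this, also check `iptables -j LOG --help` on the box: later LOG target versions have a `--log-uid` option that writes the owning UID into the log line directly, which makes the per-user rules unnecessary where it is available.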