Linux Netfilter discussions
From: Joel Newkirk <firewalldude@newkirk.us>
To: yann Conan <yahn_ick@yahoo.fr>
Cc: netfilter@lists.netfilter.org
Subject: Re: Problem with LOG in /var/log/messages
Date: Sun, 19 Sep 2004 16:04:11 -0400
Message-ID: <414DE63B.8050605@newkirk.us>
In-Reply-To: <20040918173731.14655.qmail@web20923.mail.yahoo.com>

yann Conan wrote:
> On Mandrake if I do a tail -f /var/log/messages I see
> the DROP
> On RedHat it doesn't work.

At a guess, there are already some rules in place on the RH box, and you 
added your LOG rule after them.  I've seen that many RH and Fedora 
installs create a default ruleset, even if told "no firewall" during 
installation!

Try "iptables -vnL" and see if there's other rules already in place, and 
check the packet & byte counts (first two numbers on each rule's line) 
to confirm if your LOG rule is actually matching packets.

If you have default rules in place (RH likes jumping to a custom chain, 
like 'lokkit' something) then "iptables -F" to flush the rules in the filter 
table's chains, set DROP policies, then "service iptables save" will 
ensure that this configuration will be restored on reboot.  (If your 
ruleset is not overly complicated, and doesn't depend on 'current' info 
like dynamic IP changes, you can just save/restore your rules this way 
pretty damn easily.)  You can look at the rules that will be restored 
during startup this way by examining /etc/sysconfig/iptables.

Another suggestion is to insert "kern.=debug  /var/log/firewall" near 
the top of /etc/syslog.conf (and restart syslog with "service syslog 
restart" or a reboot), then add "--log-level 7" to each of your LOG 
rules.  Unless you're running a debug build of a kernel, you should get 
almost exclusively firewall-LOG entries in that file.  Then use 
"--log-prefix 'SSHin:'" or whatever to aid in identifying LOG entries, 
where and why they were logged.

j

> Hi all,
> 
> I did this configuration test with iptables:
> iptables -P INPUT DROP
> iptables -A INPUT -j LOG
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -j LOG
> 
> I did this with iptables on a Mandrake and on a
> RedHat.
> I tried to ping 127.0.0.1 and afterwards
> on Mandrake, if I do a tail -f /var/log/messages, I see
> the DROP.
> On RedHat it doesn't work.
> 
> The syslog.conf on RedHat and Mandrake is:
> *.info;mail.none;;news.none;authpriv.none
> -/var/log/messages
> 
> What is the problem, or what is the difference in
> default configuration between Mandrake and RedHat?
> 
> Best Regards,
> 
> Yann Conan
> Bordeaux, France
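The check Joel recommends, reading `iptables -vnL` output for the LOG rules' packet counters and for earlier rules in the same chain that can consume traffic before the LOG rule sees it, as an added example that is not part of the original thread. The `iptables -vnL` output it parses is constructed, and the chain name RH-Firewall-1-INPUT is assumed as a stand-in for the lokkit-style custom chain he mentions.

```python
import re

# Constructed `iptables -vnL` output modelled on a Red Hat default ruleset with a lokkit-style custom chain (not captured from a real host).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  412 31560 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  398 30112 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4

Chain RH-Firewall-1-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  200 16000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  212 15560 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""
NON_TERMINATING = {"LOG", "ULOG", "MARK"}  # targets that let the packet continue down the chain

def _count(text):
    """Decode a counter column; -vnL abbreviates large values (e.g. 31K), -vnxL prints them exactly."""
    scale = {"K": 10**3, "M": 10**6, "G": 10**9}
    return int(text[:-1]) * scale[text[-1]] if text[-1] in scale else int(text)

def parse_chains(output):
    """Return {chain: (policy, or None for user chains, [(pkts, bytes, target, rest), ...])}."""
    chains, current = {}, None
    for line in output.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\S+)|\d+ references?)", line)
        if head:
            current = head.group(1)
            chains[current] = (head.group(2), [])
            continue
        parts = line.split()
        if current is None or len(parts) < 3 or not parts[0][0].isdigit():
            continue  # blank line or the column header
        chains[current][1].append((_count(parts[0]), _count(parts[1]), parts[2], " ".join(parts[3:])))
    return chains

def diagnose_log_rules(output):
    """Per LOG rule: its packet count plus the earlier rules in its chain that can swallow traffic first."""
    findings = []
    for chain, (policy, rules) in parse_chains(output).items():
        for pos, (pkts, _, target, _) in enumerate(rules):
            if target == "LOG":
                shadowed = [t for _, _, t, _ in rules[:pos] if t not in NON_TERMINATING]
                findings.append({"chain": chain, "policy": policy, "rule": pos + 1,
                                 "pkts": pkts, "shadowed_by": shadowed})
    return findings
```

On the sample the INPUT LOG rule shows zero packets and sits behind the jump to RH-Firewall-1-INPUT, which REJECTs before the LOG rule is reached; the OUTPUT LOG rule is first in its chain and counts normally.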



Thread overview: 4+ messages
2004-09-16 20:07 FTP connection track Krystian
2004-09-16 20:16 ` Jason Opperisano
2004-09-18 17:37   ` Problem with LOG in /var/log/messages yann Conan
2004-09-19 20:04     ` Joel Newkirk [this message]