iptables: syntax from drop AND log packets
# 1  
Old 03-28-2011
iptables: syntax from drop AND log packets

Good afternoon everyone,
It's the iptables n00b again, valiantly learning and reading (and asking for occasional help when I hit a wall - which I think I just did).

So far I've gotten logging enabled for iptables.

Now, I want to drop AND log an IP connection attempt.

Could some wise eyes please confirm that to drop - AND LOG - an IP there are not one, but two rules which must be stuffed in there?

Let's say I want to prevent connections from 10.1.1.115 and log the attempt. The reading I've done so far seems to say I must do this:

Code:
iptables -A INPUT -s 10.1.1.115 -j LOG --log-prefix 'SWAMP-THING' --log-level 4 #or 7 maybe? I just need date/time/IP

iptables -A INPUT -s 10.1.1.115 -j DROP

I'm guessing there's no way to combine the two into a single command (which for brevity, I could maybe alias somehow?)

Regards & TIA for any suggestions and pointers (and expertise)

putter
# 2  
Old 03-28-2011
Yes, you always need 2 different rules. However, you can create a new chain (e.g. log-and-drop) that contains those 2 rules, and have your regular chains jump there if needed.
Code:
iptables -N log-and-drop # create new chain
iptables -A log-and-drop -j LOG --log-prefix 'SWAMP-THING' --log-level 4
iptables -A log-and-drop -j DROP

iptables -A INPUT -s 10.1.1.115 -j log-and-drop

You might also want to limit the number of log messages by using the (aptly named) limit module (described here), lest someone DoS your server by filling the log file.
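The following script is an added example, not code from the thread or from pludi; it turns the log-then-drop chain above into a small POSIX sh helper that adds the rate limit pludi recommends, refuses a log prefix the LOG target cannot accept (the prefix, including the trailing space added here so it separates from the IN= field, must fit in 29 characters), and shows how to pull the date, time and source IP the original poster wanted out of the resulting kernel log lines. The chain name, the 5-per-minute limit with a burst of 10, and the sample log lines are all constructed for this example; applying the rules needs root and a real iptables.

```shell
#!/bin/sh
# Added example: generate, validate and optionally apply a "log then drop" chain
# with the limit module, then extract date/time/source from the resulting log.
# Limit/burst defaults (5/minute, burst 10) are assumptions chosen for the example.

# Print the iptables commands for CHAIN (log rate-limited, then drop) and the
# INPUT rule that sends packets from SRC into it.  Packets beyond the limit
# skip the LOG rule and still hit DROP, so the log is bounded but nothing leaks.
# Usage: log_and_drop_rules CHAIN LOG_PREFIX SRC [LIMIT] [BURST]
log_and_drop_rules() {
    chain=$1 prefix=$2 src=$3 limit=${4:-5/minute} burst=${5:-10}
    # The LOG target accepts at most 29 characters of prefix; we append one
    # space, so the caller's prefix may be at most 28.
    if [ "${#prefix}" -gt 28 ]; then
        echo "log prefix '$prefix' exceeds 28 characters" >&2
        return 1
    fi
    # Create the chain, or flush it if it already exists (re-runnable).
    printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$chain" "$chain"
    printf 'iptables -A %s -m limit --limit %s --limit-burst %s -j LOG --log-prefix "%s " --log-level 4\n' \
        "$chain" "$limit" "$burst" "$prefix"
    printf 'iptables -A %s -j DROP\n' "$chain"
    # -C checks whether the jump rule is already present before appending it.
    printf 'iptables -C INPUT -s %s -j %s 2>/dev/null || iptables -A INPUT -s %s -j %s\n' \
        "$src" "$chain" "$src" "$chain"
}

# Run the generated commands for real (root + iptables required).
apply_rules() {
    command -v iptables >/dev/null 2>&1 || { echo "iptables not found" >&2; return 1; }
    log_and_drop_rules "$@" | sh -ex
}

# Read kernel log lines on stdin and print "Mon DD HH:MM:SS SRC DPT" for each
# line carrying PREFIX; unrelated kernel messages are ignored.
# Usage: logged_sources PREFIX < /var/log/kern.log   (or: dmesg | logged_sources PREFIX)
logged_sources() {
    awk -v p="$1" '
        index($0, p " IN=") {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            print $1, $2, $3, src, dpt
        }'
}

# Constructed sample of what syslog records for the LOG rule above (not a real capture).
SAMPLE_LOG='Mar 28 14:05:12 gw kernel: [ 8123.456789] SWAMP-THING IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.1.115 DST=10.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 28 14:05:13 gw kernel: [ 8124.000000] eth0: link up, 1000Mbps, full-duplex
Mar 28 14:05:15 gw kernel: [ 8126.123456] SWAMP-THING IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.1.115 DST=10.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4322 DF PROTO=TCP SPT=51235 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0'

# Demonstration: print the rules, then the extracted fields from the sample log.
log_and_drop_rules log-and-drop SWAMP-THING 10.1.1.115
printf '%s\n' "$SAMPLE_LOG" | logged_sources SWAMP-THING
```

Run it without arguments to see the four commands and the two extracted log entries; call `apply_rules log-and-drop SWAMP-THING 10.1.1.115` as root to install them. Because the jump rule is added to INPUT only after a `-C` check and the chain is flushed rather than recreated, the script can be re-run without stacking duplicate rules.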
# 3  
Old 03-28-2011
iptables: syntax from drop AND log packets

Quote:
Originally Posted by pludi
Yes, you always need 2 different rules. However, you can create a new chain (eg log-and-drop) that contains those 2 rules, and have your regular chains jump there if needed.
Code:
iptables -N log-and-drop # create new chain
iptables -A log-and-drop -j LOG --log-prefix 'SWAMP-THING' --log-level 4
iptables -A log-and-drop -j DROP

iptables -A INPUT -s 10.1.1.115 -j log-and-drop

You might also want to limit the number of log messages by using the (aptly named) limit module (Note from response - a URL quote pointing to the resource is disallowed below 5 posts by me - putter)
Wow - thanks on a number of levels for this. First and foremost for absolute clarity. I actually understand the guidance you've given.

Secondly for decoding some of the rather opaque writeups which have touched on this subject elsewhere, but which in themselves were not the easiest to understand.

Third by demystifying two other things (thus causing one of those rare and treasured "Eureka moments") - what a chain is, and what a jump is.

Time to read up on limits, try and "put it all together" and come back with something that hopefully looks ready to test.

Thanks so much, your help is hugely appreciated. Back later.

putter