#1 2019-11-24 23:19:20

Rob.2019
Member
Registered: 2019-10-12
Posts: 7

help with Iptables and logging dropped packets

Greetings,

I have a few questions about the best way to log dropped packets based on the table below. In this example I added one active line near the end at the comment "# rob try 3". The table below, minus my log attempts, comes from the YouTube channel Chris Titus Tech. I am using it for testing on a single computer on my LAN.

Could someone correctly add logging to this, since I am not sure I am doing it right? For testing I would like to at first LOG every feature, then eventually only log the packets that are dropped. Presently it looks like it is logging in journalctl; I just find some of these logging features confusing, with legacy features that were not implemented, so I was getting very confused trying to figure this out.

I also would like to change the pale yellow font showing up when I run journalctl; not sure if that is my settings or if there is a config file I can change? Also, if anyone has better ideas regarding any of this, please feel free to comment. Eventually I would like to work up to adapting this on a dedicated server/router as a firewall; any thoughts? Thanks!


 
#!/bin/bash
#
# iptables example configuration script

# Drop ICMP echo-request messages sent to broadcast or multicast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Drop source routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
 
# Enable TCP SYN cookie protection from SYN floods
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
 
# Don't accept ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
 
# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
 
# Enable source address spoofing protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
 
# Log packets with impossible source addresses
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
 
# Flush all chains
/sbin/iptables --flush

# Allow unlimited traffic on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
 
# Set default policies
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT DROP
/sbin/iptables --policy FORWARD DROP
 
# Previously initiated and accepted exchanges bypass rule checking
# Allow unlimited outbound traffic
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
 
#Ratelimit SSH for attack protection
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
 
# Allow certain ports to be accessible from the outside
#/sbin/iptables -A INPUT -p tcp --dport 25565 -m state --state NEW -j ACCEPT  #Minecraft
#/sbin/iptables -A INPUT -p tcp --dport 8123 -m state --state NEW -j ACCEPT   #Dynmap plugin

# Other rules for future use if needed.  Uncomment to activate
#/sbin/iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT    # http
#/sbin/iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT   # https

# UDP packet rule.  This is just a random udp packet rule as an example only
#/sbin/iptables -A INPUT -p udp --dport 5021 -m state --state NEW -j ACCEPT

# Allow pinging of your server
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# rob try 3
/sbin/iptables -A INPUT -j LOG

# Drop all other traffic
/sbin/iptables -A INPUT -j DROP

# rob add logs 
#/sbin/iptables -N logdrop
#/sbin/iptables -A INPUT -j logdrop
#/sbin/iptables -A OUTPUT -j logdrop
#/sbin/iptables -A ACCEPT -j logdrop
#/sbin/iptables -A logdrop -m limit --limit 5/m --limit-burst 10 -j LOG
#/sbin/iptables -A logdrop -j DROP
#/sbin/iptables -A logdrop -j ACCEPT

# print the activated rules to the console when script is completed
/sbin/iptables -nL

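A LOG rule placed directly before the final DROP, as the "# rob try 3" line does, already sees only the packets that are about to be dropped, because LOG is non-terminating and everything accepted earlier has left the chain. The script below is an added example, not from the thread or from the Chris Titus Tech script: it packages that into a dedicated chain with a rate limit and a log prefix so the entries can be filtered in journalctl, and adds a removable "log everything" rule for the testing phase. IPT defaults to echo so it only prints the rules; running it as root with IPT=/sbin/iptables applies them.

```sh
#!/bin/sh
# Added example, not from the thread or from the Chris Titus Tech script:
# a dedicated "log, then drop" chain for the rule set above.
# IPT defaults to "echo" so the script only prints the rules it would load;
# run as root with IPT=/sbin/iptables to apply them for real.
IPT="${IPT:-echo}"

# LOGDROP: rate-limited LOG with a greppable prefix, then DROP.
# The limit stops a flood from filling the journal; the prefix lets
# "journalctl -k | grep IPT-DROP:" show only what this chain dropped.
setup_logdrop() {
    $IPT -N LOGDROP
    $IPT -A LOGDROP -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "IPT-DROP: " --log-level 4
    $IPT -A LOGDROP -j DROP
}

# Replaces the bare "-A INPUT -j LOG" / "-A INPUT -j DROP" pair at the end
# of the script: a packet only reaches this rule if nothing above accepted
# it, so this logs exactly the dropped traffic, once per packet.
apply_logdrop() {
    $IPT -A INPUT -j LOGDROP
    $IPT -A FORWARD -j LOGDROP   # matters once this runs on a router
}

# Temporary "log everything" mode for testing: inserted at position 1 so it
# sees every packet before any ACCEPT. LOG is non-terminating, so the
# packet continues down the chain. Remove it again with remove_log_all.
log_all_input() {
    $IPT -I INPUT 1 -m limit --limit 20/min -j LOG --log-prefix "IPT-ALL: "
}
remove_log_all() {
    $IPT -D INPUT -m limit --limit 20/min -j LOG --log-prefix "IPT-ALL: "
}

# Show today's drop entries from the kernel log via journalctl.
show_drops() {
    journalctl -k --since today | grep -F 'IPT-DROP: '
}

setup_logdrop
apply_logdrop
```

The default policy is already DROP, so the LOGDROP chain changes nothing about what gets through; it only makes each drop visible once, under a fixed prefix.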

#2 2019-11-25 02:28:12

loqs
Member
Registered: 2014-03-06
Posts: 18,859

Re: help with Iptables and logging dropped packets

Where did the script come from? Iptables#Logging covers logging, but I suggest you read the basic concepts section first.

