Is it possible to view or enable a log that shows what requests iptables is blocking? I am trying to track down a request that iptables is blocking, but shouldn't be (because of an exception rule that I put in place for it).
2 Answers
Generally speaking, this is done by using the -j LOG target before the -j DROP target.
An example: say you have a rule that blocks ssh requests inbound from a particular IP

```shell
/sbin/iptables -A INPUT -i eth0 -s xxx.xxx.xxx.xxx -d <external IP on firewall> -p tcp --dport 22 -j DROP
```

you would modify your config and add a rule just above this one that looks like this:

```shell
/sbin/iptables -A INPUT -i eth0 -s xxx.xxx.xxx.xxx -d <external IP on firewall> -p tcp --dport 22 -j LOG
```

you might also want to look at the --log-prefix option, which will allow you to add some notes (not a lot) to the log.
malcolmpdx
Perfect. This doesn't tell me why my rule isn't allowing the exception but it is showing the incoming connection in the messages log. – Resorath Jan 23 '12 at 20:28
Yes. You can send the packets to the ULOG target before denying them and configure ulogd to save them in a pcap-formatted file so they can be read with tcpdump or wireshark. See http://www.netfilter.org/projects/ulogd/
Mark Wagner