From: Harry Putnam <reader@newsguy.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
Date: Thu, 28 Apr 2011 00:31:18 -0500
Message-ID: <87zknbaqmx.fsf@newsguy.com>
In-Reply-To: 201104270723.44105.michaelkintzios@gmail.com
Mick <michaelkintzios@gmail.com> writes:
>> Jumping up the thread a bit now, after Paul's excellent input. I see
>> that iptables cmd is known on the OS, but man I really had not wanted
>> to pound my way thru iptables to the point of competency.
>
> Count yourself lucky. I'd rather have to deal with Linux IP Tables than IOS
> any time!
Hehe
> Once you access it via telnet, have a look for any log rules in IP Tables
> (/sbin/iptables -L -v -n) and perhaps all we need to do is modify those.
Yeah, I had a look at the lines containing LOG and of course had no
idea of what they meant or how to alter them.
The entire iptables is inlined below... maybe you will know how to alter
them so that ports show up in logs. That is, only if you are still
patient enough to continue.... so far, no one has complained about the
OT thread... but I fear I must be nearing the end of your patient
willingness to continue, if not the list's willingness to allow my OT
thread.
------- --------- ---=--- --------- --------
There are only 4 instances of LOG in the tables. But I wonder if it might
just be an increase in log level that is required.
I wanted to try that out, but was a bit chicken, thinking I'd destroy
whatever setup there is that invokes the iptables rules.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:500
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
INPUT_UDP udp -- 0.0.0.0/0 0.0.0.0/0
INPUT_TCP tcp -- 0.0.0.0/0 0.0.0.0/0
DOS icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ip_filter all -- 0.0.0.0/0 0.0.0.0/0
POLICY icmp -- 0.0.0.0/0 0.0.0.0/0
POLICY udp -- 0.0.0.0/0 0.0.0.0/0
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02
POLICY tcp -- 0.0.0.0/0 0.0.0.0/0
TREND_MICRO tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 http me
DMZ_PASS all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 state INVALID
Chain BLOCK (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain DMZ_PASS (1 references)
target prot opt source destination
Chain DOS (6 references)
target prot opt source destination
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: a
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_TCP (1 references)
target prot opt source destination
DOS tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW tc
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_UDP (1 references)
target prot opt source destination
DOS udp -- 0.0.0.0/0 0.0.0.0/0
RETURN udp -- 0.0.0.0/0 0.0.0.0/0
Chain HTTP (0 references)
target prot opt source destination
Chain INPUT_TCP (1 references)
target prot opt source destination
SCAN all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold
DOS tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW tc
ACCEPT tcp -- 0.0.0.0/0 192.168.0.20 tcp dpt:30443
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 23,
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT_UDP (1 references)
target prot opt source destination
SCAN all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold
DOS udp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 68.87.72.13 0.0.0.0/0 udp spt:67 dpt:68
RETURN udp -- 0.0.0.0/0 0.0.0.0/0
Chain POLICY (3 references)
target prot opt source destination
PORT_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain PORT_FORWARD (1 references)
target prot opt source destination
DOS icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
FORWARD_TCP tcp -- 0.0.0.0/0 0.0.0.0/0
FORWARD_UDP udp -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain SCAN (2 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain TREND_MICRO (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain ip_filter (1 references)
target prot opt source destination
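Added here as an example (not code from the thread or from the router): a parser for the kernel message format the netfilter LOG target emits, which already carries SRC, DST, PROTO and SPT/DPT for every packet a LOG rule matches, so once those lines reach a syslog file the ports are there to extract. The sample log lines and the "DOS: " / "SCAN: " prefixes are constructed; the LOG rules in the dump above show no prefix.

```python
import re

# Constructed sample syslog lines in the netfilter LOG target's format.
# The "DOS: " and "SCAN: " prefixes are assumed (--log-prefix); the
# router's own LOG rules as listed above carry no prefix.
SAMPLE_LOG = """\
Apr 28 00:10:01 router kernel: DOS: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=44512 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 28 00:10:02 router kernel: SCAN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=54 ID=0 PROTO=UDP SPT=53 DPT=4500 LEN=8
Apr 28 00:10:03 router kernel: DOS: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=54 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Apr 28 00:10:04 router sshd[123]: Accepted publickey for harry from 192.168.0.20
"""

# Everything between "kernel: " (plus an optional "[uptime] " stamp) and the
# first "IN=" is the --log-prefix; the remainder is the packet description.
LOG_RE = re.compile(r"kernel: (?:\[\s*\d+\.\d+\] )?(?P<prefix>.*?)IN=(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value tokens; bare flags (DF, SYN) are skipped


def parse_netfilter_log(line):
    """Return the prefix, addresses, protocol and ports of one LOG line, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None  # not a netfilter LOG message
    # Later duplicate keys (ICMP ID, UDP payload LEN) overwrite earlier ones;
    # only SRC/DST/PROTO/SPT/DPT/TYPE are used here, and those are unique.
    fields = dict(KV_RE.findall("IN=" + m.group("rest")))
    return {
        "prefix": m.group("prefix").strip(": "),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "spt": int(fields["SPT"]) if "SPT" in fields else None,
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,
        "icmp_type": int(fields["TYPE"]) if "TYPE" in fields else None,  # ICMP only
    }


def summarize(log_text):
    """Count logged packets per (chain prefix, protocol, destination port)."""
    counts = {}
    for line in log_text.splitlines():
        rec = parse_netfilter_log(line)
        if rec is None:
            continue
        key = (rec["prefix"] or "(no prefix)", rec["proto"], rec["dpt"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items(), key=str):
        print(f"{key[0]:<12} {key[1]:<5} dpt={key[2]!s:<6} {n}")
```

The `-L -v -n` listing truncates each rule, so check the full LOG rule text (prefix, level, limit burst) with `iptables-save` before changing it; a `--log-prefix` naming the chain, as assumed above, is what makes the DOS and SCAN hits distinguishable once they are in the log.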