Generally speaking, it is good practice to log dropped traffic on your firewall; this can be achieved pretty easily with iptables.
Firstly create a new chain called 'logging':
iptables -N LOGGING
and then instruct the input chain to send any unmatched packets to the 'logging' chain:
iptables -A INPUT -j LOGGING
and we can also do the same for FORWARD traffic:
iptables -A FORWARD -j LOGGING
** Make sure that there are no catch-all drop rules in the INPUT chain: a catch-all drop would discard unmatched packets before they reach the 'logging' chain, so they would never be logged (the 'logging' chain drops them itself after logging.) **
We then add a rate limit (here, at most two log entries per minute) so that a flood of dropped packets does not fill the logs, and set a prefix and log level for the entries:
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
Finally we apply the drop-all rule to our 'logging' chain:
iptables -A LOGGING -j DROP
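The five commands above, wrapped as an added example (not code from the original post) in a small POSIX shell script: `logging_rules` prints the rule set so it can be reviewed before anything touches the firewall, `has_catchall_drop` implements the check from the note above against `iptables -S INPUT` output, `apply_logging_rules` refuses to proceed when that check fails, and `summarize_drops` counts the resulting kernel log entries per source address and destination port. The function names, the parameters and the sample log lines are assumptions constructed for this example; applying the rules requires root and a host with iptables.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, parameters and
# SAMPLE_LOG below are constructed for illustration.

# Print the rule set from the post. Arguments (all optional) are assumptions for
# this example; the defaults match the post: prefix, rate limit, log level.
logging_rules() {
    prefix="${1:-IPTables-Dropped: }"
    rate="${2:-2/min}"
    level="${3:-4}"
    cat <<EOF
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A FORWARD -j LOGGING
iptables -A LOGGING -m limit --limit $rate -j LOG --log-prefix "$prefix" --log-level $level
iptables -A LOGGING -j DROP
EOF
}

# Read 'iptables -S INPUT' output on stdin; succeed if INPUT already ends in a
# catch-all DROP/REJECT (no match criteria), which would shadow the LOGGING jump.
has_catchall_drop() {
    grep -qE '^-A INPUT -j (DROP|REJECT)'
}

# Apply the rules, but only after the catch-all check passes (needs root).
apply_logging_rules() {
    if iptables -S INPUT | has_catchall_drop; then
        echo "refusing: INPUT already has a catch-all DROP/REJECT; packets would never reach LOGGING" >&2
        return 1
    fi
    logging_rules "$@" | sh -e
}

# Read kernel log lines on stdin (e.g. from journalctl -k or /var/log/kern.log),
# keep those carrying the LOG prefix and count them per "SRC -> DPT" pair.
summarize_drops() {
    prefix="${1:-IPTables-Dropped: }"
    grep -F -- "$prefix" | awk '{
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != "") count[src " -> " dpt]++
    } END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample kernel log lines (documentation address ranges); the last
# line has no prefix and must be ignored.
SAMPLE_LOG='Mar  3 10:00:01 host kernel: IPTables-Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TTL=54 ID=0 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:00:02 host kernel: IPTables-Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TTL=54 ID=0 DF PROTO=TCP SPT=51235 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:00:03 host kernel: IPTables-Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TTL=54 ID=0 DF PROTO=TCP SPT=51236 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:00:09 host kernel: IPTables-Dropped: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=61 ID=7 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:00:10 host kernel: eth0: link is up'

# Usage: review the rules, then apply them and summarise what got dropped:
#   logging_rules
#   apply_logging_rules
#   journalctl -k | summarize_drops
# Offline demonstration on the constructed sample:
#   printf '%s\n' "$SAMPLE_LOG" | summarize_drops
```

Because the LOG rule is rate-limited, the summary counts are a lower bound on what was actually dropped; the limit protects the log, not the accuracy of the tally.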