View requests that iptables has blocked

Is it possible to view or enable a log that shows what requests iptables is blocking? I am trying to track down a request that iptables is blocking, but shouldn't be (because of an exception rule that I put in place for it).


Solution 1:

Generally speaking, this is done by using the -j LOG target before the -j DROP target.

An example: say you have a rule that blocks ssh requests inbound from a particular IP:

/sbin/iptables -A INPUT -i eth0 -p tcp -s xxx.xxx.xxx.xxx -d <external IP on firewall> --dport 22 -j DROP

You would modify your config and add a rule just above this one that looks like this:

/sbin/iptables -A INPUT -i eth0 -p tcp -s xxx.xxx.xxx.xxx -d <external IP on firewall> --dport 22 -j LOG

You might also want to look at the --log-prefix= option, which will allow you to add some notes (not a lot) to the log.
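The LOG-before-DROP pairing from this answer, with a prefix so the dropped packets can be picked out of the kernel log afterwards, as an added example that is not part of the original answer. The interface, addresses and the sample log lines are constructed placeholders; the rule printer only echoes the commands, so it runs without root.

```shell
#!/bin/sh
# Added example: pair a prefixed LOG rule with the DROP rule, then pull the
# matching entries out of syslog/dmesg to see which packets the DROP actually
# catches. eth0, 198.51.100.7 (blocked source) and 203.0.113.10 (firewall
# address) are placeholders; the log lines below are constructed samples.

PREFIX="SSH-BLOCK: "   # iptables truncates --log-prefix at 29 characters

# Print the rule pair in the order it must appear in the chain: LOG is a
# non-terminating target, so the packet continues on to the DROP rule.
# Run the output as root (ssh_block_rules | sh) to install the rules.
ssh_block_rules() {
    cat <<EOF
iptables -A INPUT -i eth0 -p tcp -s 198.51.100.7 -d 203.0.113.10 --dport 22 -j LOG --log-prefix "$PREFIX" --log-level 4
iptables -A INPUT -i eth0 -p tcp -s 198.51.100.7 -d 203.0.113.10 --dport 22 -j DROP
EOF
}

# stdin: kernel log lines (e.g. from dmesg or /var/log/kern.log)
# stdout: "SRC DST PROTO DPT" for every line carrying our prefix
dropped_connections() {
    grep -F "$PREFIX" | awk '{
        src = dst = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        print src, dst, proto, dpt
    }'
}

# Constructed sample log: two hits on our rule, one from an unrelated LOG rule.
SAMPLE_LOG='Mar  3 10:15:02 fw kernel: [12345.678] SSH-BLOCK: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:05 fw kernel: [12348.001] SSH-BLOCK: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1235 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:09 fw kernel: [12352.440] OTHER-RULE: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=9 DF PROTO=UDP SPT=4000 DPT=53 LEN=20'

# Number of packets our DROP rule caught in the sample.
dropped_count() {
    printf '%s\n' "$SAMPLE_LOG" | dropped_connections | wc -l | tr -d ' '
}

ssh_block_rules
printf '%s\n' "$SAMPLE_LOG" | dropped_connections
```

On a live box, replace the sample with `dmesg | dropped_connections` or `dropped_connections < /var/log/kern.log` once the rules are installed.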

Solution 2:

Yes. You can send the packets to the ULOG target before denying them and configure ulogd to save them in a pcap-formatted file so they can be read with tcpdump or wireshark. See http://www.netfilter.org/projects/ulogd/