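First, enable iptables logging in /etc/syslog.conf. The iptables LOG target writes through the kernel log, so send the kern facility to a dedicated file (note that kern.* captures every kernel message, not only firewall entries).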
#vi /etc/syslog.conf
kern.* /var/log/firewall
:wq
Restart the syslog daemon.
#service syslog restart
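Create the log file specified in /etc/syslog.conf. Keep it readable by root only (for example with chmod 600), because the entries record source IP and MAC addresses.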
#touch /var/log/firewall #log file.
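Now define the rules in the following order. The LOG rule must come before the DROP rule: LOG is a non-terminating target, so a logged packet continues to the next rule, whereas DROP ends processing and a LOG rule placed after it would never see the packet.
This is a simple rule pair which will block responses to ping.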
# Insert the LOG rule at the head of the INPUT chain so it is evaluated first.
# LOG does not terminate rule traversal, so the packet continues down the chain.
# NOTE(review): this rule has no rate limit, so every echo-request is written
# to the log; on hosts reachable from untrusted networks consider adding the
# limit match (-m limit --limit <rate>) to keep a ping flood from filling the disk.
iptables --insert INPUT --protocol icmp --icmp-type echo-request \
  --jump LOG --log-prefix "Rejected: "
# Append the DROP rule at the end of the INPUT chain. If an earlier rule in the
# chain already accepts ICMP, that rule wins and this DROP is never reached.
iptables --append INPUT --protocol icmp --icmp-type echo-request --jump DROP
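List the rules to confirm the order. (The echo-reply DROP rule in the output below is not created by the two commands above; presumably it was already present on this host.)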
[root@work1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning prefix `Rejected: '
DROP icmp -- anywhere anywhere icmp echo-reply
DROP icmp -- anywhere anywhere icmp echo-request
Now ping this machine from any other host and watch the log file.
#tail -f /var/log/firewall #will give you real time log of dropping. With prefix Rejected.
[root@work1 ~]# tail -f /var/log/firewall
Apr 21 21:50:40 work1 kernel: Rejected: IN=eth0 OUT= MAC=00:0c:29:d0:8d:f4:00:23:ae:1d:97:a0:08:00 SRC=192.168.1.99 DST=192.168.1.60 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=24589 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=135
Apr 21 21:50:45 work1 kernel: Rejected: IN=eth0 OUT= MAC=00:0c:29:d0:8d:f4:00:23:ae:1d:97:a0:08:00 SRC=192.168.1.99 DST=192.168.1.60 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=24605 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=136