Answer the question
In order to leave comments, you need to log in
K
K
Kamil2019-04-26 10:51:34
Kamil, 2019-04-26 10:51:34
Why is iptables not logging?
#!/bin/bash
#
# iptables
#
#
iptables -P INPUT ACCEPT; iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate NEW -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
# ctstate
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#Записываем все пакеты с порта $Link размером от 500 до 65535 байтов
iptables -A INPUT -p tcp -m multiport --dports 123,1234,12345 -m length --length 500:65535 -j LOG --log-prefix "TEST"
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPTWhy isn't it logged? What am I doing wrong?
1 answer(s)
@Mystray
M
Mystray, 2019-04-26 @Mystray
Because that's how the rules are written.
The first SYN packet will not be recorded, since it is less than 500 bytes, and it will go further, where it will be accepted according to -P INPUT ACCEPT, and all subsequent packets within the already established connection will be received earlier than the logging rule, according to --ctstate ESTABLISHED,RELATED -j ACCEPT
The order matters, and actions like DROP or ACCEPT - are terminating, after them the packet does not go further along the chain of rules
Similar questions
V
N
G
A
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question