Howto logging iptables

This just documents a post by Mr. Ronny Haryanto on the tanya-jawab@linux.or.id mailing list about how to log iptables.

How to do it:

Add 2 new chains dedicated to logging, simply to keep the ruleset easier to read (because if we want to both log and drop, we have to create two rules).

# Chain that logs a packet and then drops it
iptables -N logdrop
iptables -A logdrop -j LOG --log-prefix "DROPPED: "
iptables -A logdrop -j DROP

# Chain that logs a packet and then accepts it
iptables -N logaccept
iptables -A logaccept -j LOG --log-prefix "ACCEPTED: "
iptables -A logaccept -j ACCEPT

Then, whenever we write an iptables rule for traffic that should be dropped/accepted and also logged, just add the iptables rule:

iptables … -j logdrop (instead of -j DROP directly)
iptables … -j logaccept (instead of -j ACCEPT directly)

The log entries will then appear in syslog.
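
As an added example (not from the original post or the mailing-list message), the following Python parses syslog lines carrying the DROPPED: and ACCEPTED: prefixes set above and counts entries per source, protocol and destination port. The sample lines are constructed, and the field layout assumed is the usual kernel LOG-target format.

```python
import re
from collections import Counter

# Constructed sample syslog lines (shortened LOG-target format, not real traffic).
SAMPLE_SYSLOG = """\
Jan 12 10:15:01 gw kernel: DROPPED: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 DF PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Jan 12 10:15:04 gw kernel: [ 8123.4410] DROPPED: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 DF PROTO=TCP SPT=51240 DPT=22 SYN URGP=0
Jan 12 10:15:07 gw kernel: ACCEPTED: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=57 DF PROTO=TCP SPT=40112 DPT=443 SYN URGP=0
Jan 12 10:15:08 gw kernel: DROPPED: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Jan 12 10:15:09 gw sshd[311]: Accepted publickey for admin from 198.51.100.7 port 40200
"""

# The two prefixes set with --log-prefix on this page, followed by the packet fields.
LINE_RE = re.compile(r"kernel:.*?\b(DROPPED|ACCEPTED): (.*)$")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value; bare flags like SYN or DF are skipped

def parse_line(line):
    """Return the packet fields of one logdrop/logaccept line, or None for other lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    fields["VERDICT"] = m.group(1)
    return fields

def summarize(text):
    """Count log entries per (verdict, source, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            # ICMP entries carry no DPT, so .get() yields None for the port.
            counts[(rec["VERDICT"], rec.get("SRC"), rec.get("PROTO"), rec.get("DPT"))] += 1
    return counts

def top_dropped_sources(text, n=3):
    """Sources with the most DROPPED entries, busiest first."""
    per_src = Counter()
    for (verdict, src, _proto, _dpt), hits in summarize(text).items():
        if verdict == "DROPPED":
            per_src[src] += hits
    return per_src.most_common(n)

if __name__ == "__main__":
    for key, hits in summarize(SAMPLE_SYSLOG).most_common():
        print(hits, *key)
```

The trailing space inside each prefix matters: the LOG target writes the prefix directly in front of `IN=`, so without it the prefix and the first field run together.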


One thought on “Howto logging iptables”

  1. surya says:

    root@mail:/var/log# iptables -A logaccept -j LOG -log-prefix "ACCEPTED: "
    iptables v1.3.6: Unknown arg `LOG'
    Try `iptables -h' or 'iptables --help' for more information.
