added iptables logging guide

2018-06-12 01:56:52 +02:00
parent b3bf01a5bd
commit 128de0b04c
4 changed files with 44 additions and 0 deletions
--- a/admin/iptables_logging
+++ b/admin/iptables_logging
@ -0,0 +1,32 @@
+#log all dropped packages to separate file
+
+#backup
+sudo iptables-save > backup.save
+
+#safety flush cronjob every xx:45h
+sudo crontab -e
+45 * * * * /sbin/iptables -F
+
+#begin
+sudo iptables -N DROP_AND_LOG
+sudo iptables -A DROP_AND_LOG -m limit --limit 1/min -j LOG --log-prefix "[IPTABLES-DROP]: "
+sudo iptables -A DROP_AND_LOG -j DROP
+
+#if old rules exist, save now upated rules
+sudo iptables-save > modded.save
+
+#replace DROP with DROP_AND_LOG chain
+sed -e 's:-j DROP:-j DROP_AND_LOG:g' modded.save > replaced.save
+
+#fix last "-j DROP" to original...
+vim replaced.save
+
+#create custom syslog output log
+vim /etc/rsyslog.d/custom_iptables.conf
+> :msg,contains,"IPTABLES-DROP" /var/log/iptables.log
+
+#flush iptables and restore our modded rules
+sudo iptables -F
+sudo iptables-restore < replaced.save
+
+#see the magic happen... (and dont forget to remove cronjob...)