Is your firewall working? Have you tested it?
On Mon, 11 Sep 2006, Justin F. Knotzke wrote:
Thanks Justin again for the reply..
Here is what I have:
justin:/var/log/ulog# cat /etc/ulogd.conf
nlgroup 6
logfile /var/log/ulog/ulogd.log
loglevel 1
rmem 131071
bufsize 150000
syslogfile /var/log/ulog/syslogemu.log
syslogsync 1
plugin /usr/lib/ulogd/ulogd_LOGEMU.so
Here are my firewall rules for logging:
${IPTABLES} -t filter -A ULDROP -p tcp -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_TCP
${IPTABLES} -t filter -A ULDROP -p udp -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_UDP
${IPTABLES} -t filter -A ULDROP -p icmp -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_ICMP
${IPTABLES} -t filter -A ULDROP -f -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_FRAG
${IPTABLES} -t filter -A ULDROP -j DROP
echo -n "ULDROP "
${IPTABLES} -t filter -A ULREJECT -p tcp -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_TCP
${IPTABLES} -t filter -A ULREJECT -p udp -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_UDP
${IPTABLES} -t filter -A ULREJECT -p icmp -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_UDP
${IPTABLES} -t filter -A ULREJECT -f -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_FRAG
${IPTABLES} -t filter -A ULREJECT -j REJECT
echo -n "ULREJECT "
${IPTABLES} -t filter -A ULTREJECT -p tcp -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_TCP
${IPTABLES} -t filter -A ULTREJECT -p udp -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_UDP
${IPTABLES} -t filter -A ULTREJECT -p icmp -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_ICMP
${IPTABLES} -t filter -A ULTREJECT -f -m limit --limit ${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_FRAG
${IPTABLES} -t filter -A ULTREJECT -p tcp -j REJECT --reject-with tcp-reset
${IPTABLES} -t filter -A ULTREJECT -p udp -j REJECT --reject-with icmp-port-unreachable
${IPTABLES} -t filter -A ULTREJECT -p icmp -j DROP
${IPTABLES} -t filter -A ULTREJECT -j REJECT
Nothing ever gets logged to /var/log/ulog/syslogemu.log
Thanks
J
--
Justin F. Knotzke
[EMAIL PROTECTED]
http://www.shampoo.ca