On Fri, Mar 08, 2019 at 06:28:51AM -0800, [email protected] wrote:
> I'm trying to set up an appvm like this:
>
> appvm -> appvm_firewall -> vpn -> vpn_firewall -> sys-net
>
> I want to tighten the firewall rules and do a deny policy. How can I get a
> log of dropped firewall packet logs from appvm_firewall or vpn_firewall? I've
> tried a few different iptables commands but I haven't really had any success.
>
> Thanks in advance.
>
Depends whether you have a "DROP" policy set or a final rule that says "-j DROP".

In iptables, have a rule immediately BEFORE that rule (so if policy, have it as the last rule, otherwise, penultimate):

iptables -j LOG --log-prefix "DROP "

You can put this in any firewall chain.
You could make it more complex by creating a log/drop chain and breaking down the descriptors, but I doubt that is necessary in this case.

If you are using nftables (check in your sys-firewall), then you can get the same effect by adding to your DROP statement. You don't need a separate rule for this.

HTH

unman

-- 
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190308165127.324vdae5jf6zmib3%40thirdeyesecurity.org.
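The ordering unman describes (a non-terminating LOG rule directly before the DROP, or a single nftables rule that both logs and drops), plus the defender's side of reading the resulting kernel log lines, as an added example that is not part of the thread. The chain, table and prefix names passed in are arbitrary assumptions; the `-m limit` rate limit is an addition not mentioned in the reply, there to stop a flood of denied packets from filling the journal; the log line fed to the parser is constructed, not captured from a real qube. The rule-building functions only print the commands, so the script runs without root or a firewall; pipe their output into `sh` in the firewall qube to apply them.

```shell
#!/bin/sh
# Added example for logging dropped packets in a Qubes firewall qube.
# Not from the original thread. Chain/table/prefix names are assumptions.

# Print the two iptables rules in the order that matters: LOG does not
# terminate rule processing, so it must sit immediately before the DROP
# (or be the last rule when the chain policy is already DROP).
log_and_drop_rules() {
    chain="$1"; prefix="$2"
    # Rate limit is an added safeguard against log flooding.
    printf 'iptables -A %s -m limit --limit 10/min -j LOG --log-prefix "%s " --log-level 4\n' "$chain" "$prefix"
    printf 'iptables -A %s -j DROP\n' "$chain"
}

# nftables equivalent: the log statement and the drop verdict share one rule,
# so no separate logging rule is needed.
nft_log_drop_rule() {
    table="$1"; chain="$2"; prefix="$3"
    printf 'nft add rule ip %s %s log prefix "%s " drop\n' "$table" "$chain" "$prefix"
}

# Parse kernel log lines carrying the "DROP " prefix (as seen via
# `dmesg` or `journalctl -k` in the firewall qube) into
# "PROTO SRC DST DPT" on stdout. Lines without a DPT field (e.g. ICMP)
# produce no output; extend the pattern if those matter to you.
parse_drop_line() {
    sed -n 's/.*DROP .*SRC=\([^ ]*\) DST=\([^ ]*\).*PROTO=\([^ ]*\).*DPT=\([0-9]*\).*/\3 \1 \2 \4/p'
}

# Count dropped packets per source address, most active first.
drops_by_src() {
    parse_drop_line | awk '{print $2}' | sort | uniq -c | sort -rn
}

# Stand-alone demo on a constructed log line (not real traffic).
if [ "${1:-}" = "demo" ]; then
    log_and_drop_rules FORWARD DROP
    nft_log_drop_rule filter forward DROP
    printf '%s\n' 'kernel: DROP IN=vif2.0 OUT=eth0 SRC=10.137.0.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44321 DPT=23 SYN' \
        | parse_drop_line
fi
```

Run it as `sh log_drop.sh demo` to see the generated rules and a parsed line; the `drops_by_src` helper is what you would point `journalctl -k --since today` at when checking which source qube is hitting the deny rule most often.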
