Log rules¶

Example rule for jumping to the LOG chain

[essential_services_5]
section_type = general
action = ['log','drop']
ip_version = both
interface = main
default_chain = INPUT
protocol = tcp,udp
custom_chain = TEST_DROP_CHAIN
limit = 1/sec
log-level = 6
log-prefix = TEST_DROP_CUSTOM_CHAIN
log-specific-options = ['log-tcp-sequence','log-tcp-options','log-ip-options']

The logic of the action is the following:

action = ['log','drop']

If the list has 2 elements it means that it will create rules for logging the traffic of the input. First element tells the script that it will create logging rules. Second element tells the action of the packet after logging to either ‘allow’ or ‘drop’

/sbin/iptables -N TEST_DROP_CHAIN
/sbin/ip6tables -N TEST_DROP_CHAIN

/sbin/iptables -A INPUT -i eth0 -p tcp -j TEST_DROP_CHAIN
/sbin/iptables -A INPUT -i eth0 -p udp -j TEST_DROP_CHAIN
/sbin/iptables -A TEST_DROP_CHAIN -m limit --limit 1/sec -j LOG --log-prefix TEST_DROP_CUSTOM_CHAIN --log-level 6 --log-tcp-sequence --log-tcp-options
/sbin/iptables -A TEST_DROP_CHAIN -j DROP


/sbin/ip6tables -A INPUT -i eth0 -p tcp -j TEST_DROP_CHAIN
/sbin/ip6tables -A INPUT -i eth0 -p udp -j TEST_DROP_CHAIN
/sbin/ip6tables -A TEST_DROP_CHAIN -m limit --limit 1/sec -j LOG --log-prefix TEST_DROP_CUSTOM_CHAIN --log-level 6 --log-tcp-sequence --log-tcp-options
/sbin/ip6tables -A TEST_DROP_CHAIN -j DROP

Log rules¶

Related Topics

This Page