Saturday, March 10, 2007

iptables Log

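To log and block NetBIOS packets using iptables, use the following rules. Each LOG rule has to come before its matching REJECT rule: LOG is a non-terminating target, so the packet continues to the next rule, whereas REJECT ends rule traversal. Note that REJECT answers the sender with an ICMP port-unreachable error; use -j DROP instead if the packets should be discarded silently, as the log prefix suggests.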

iptables -A INPUT -p tcp -m multiport --dports 135,137,139,445 -j LOG --log-tcp-options --log-level 3 --log-ip-options --log-prefix "[IPTABLES DROP] : "
iptables -A INPUT -p tcp -m multiport --dports 135,137,139,445 -j REJECT
iptables -A INPUT -p udp -m multiport --dports 135,137,139,445 -j LOG --log-tcp-options --log-level 3 --log-ip-options --log-prefix "[IPTABLES DROP] : "
iptables -A INPUT -p udp -m multiport --dports 135,137,139,445 -j REJECT

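By default, the logs are saved to /var/log/messages. To have them saved at another location, add the following line to /etc/syslog.conf. The rules log at level 3 (err), which the kern.warning selector matches because it covers warning and every more severe priority; it also captures any other kernel messages at those priorities, so the file is not limited to iptables entries.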

kern.warning /var/log/iptables.log
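
Once the entries land in their own file they can be summarised per source address and port. The script below is an added example, not part of the original post: the function names are hypothetical, the log lines are constructed samples in the kernel's LOG format using documentation addresses, and on a real system the functions would be given /var/log/iptables.log as an argument.

```shell
#!/bin/sh
# Added example: summarise packets logged by the LOG rules above.
PREFIX='[IPTABLES DROP] : '   # must match the --log-prefix string exactly

# Constructed sample lines (not real traffic); the last one is unrelated
# kernel output that kern.warning would also route into the same file.
sample_log() {
cat <<'EOF'
Mar 10 12:01:02 fw kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=4242 DF PROTO=TCP SPT=4321 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 10 12:01:03 fw kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=4243 DF PROTO=TCP SPT=4322 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 10 12:01:04 fw kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=4244 DF PROTO=TCP SPT=4323 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 10 12:01:07 fw kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=911 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar 10 12:01:09 fw kernel: eth0: link up, 100Mbps, full-duplex
EOF
}

# Print "count source proto/port" for each logged packet type, busiest first.
# Reads the files given as arguments, or stdin when there are none.
summarize_drops() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }   # fixed-string match; skip other kernel lines
        {
            src = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src != "" && dpt != "") hits[src " " proto "/" dpt]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Print "source total" for sources with at least $1 logged packets overall.
noisy_sources() {
    threshold=$1; shift
    summarize_drops "$@" | awk -v t="$threshold" '
        { total[$2] += $1 }
        END { for (s in total) if (total[s] >= t) print s, total[s] }
    ' | LC_ALL=C sort
}

sample_log | summarize_drops
```
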
