Re: Wydzielenie logow iptables z ogolnej puli logow sysloga.
: 10 maja 2016, 11:51
Mam tak:
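#!/bin/sh
# Minimal host firewall for IPv4 and IPv6: default-deny on INPUT and FORWARD,
# allow loopback and reply traffic, and tag denied packets with a log prefix
# that the syslog daemon can match on to route them to a separate file.
#
# Notes on logging:
#   * --log-level 7 is the syslog "debug" priority; the syslog configuration
#     must not discard kernel debug messages or these entries are lost.
#   * --limit 5/min (default burst of 5) caps log volume, so a burst of denied
#     packets is only sampled, not fully recorded.

# ---------------------------------------------------------------- IPv4 ----
# Flush all rules and delete user-defined chains. Without -t this touches the
# filter table only, and -F does not reset chain policies.
iptables -F
iptables -X

# Accept loopback and replies to connections this host already knows about.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Log what was incoming but denied (optional but useful).
# This rule must come after the ACCEPT rules: as the first rule it would label
# accepted traffic as "denied" and use up the 5/min budget before any packet
# that is really dropped reaches the log.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
iptables -P INPUT DROP

# Log any traffic which was sent to you for forwarding (optional but useful).
# Nothing is accepted in FORWARD, so everything logged here is also dropped.
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7
iptables -P FORWARD DROP

# Log outbound packets that open a new connection or are INVALID.
# NOTE(review): this rule has no rate limit, so a busy host logs every new
# outbound connection. The prefix "OUTPUT" has no trailing separator and does
# not share the "iptables_" stem of the other prefixes, so a syslog filter on
# that stem will not catch it. The prefix is left unchanged here so that any
# existing filter keeps matching.
iptables -I OUTPUT -m conntrack --ctstate NEW,INVALID -j LOG --log-prefix "OUTPUT"
iptables -P OUTPUT ACCEPT

# ---------------------------------------------------------------- IPv6 ----
ip6tables -F
ip6tables -X

ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): there is no ICMPv6 rule. Neighbour discovery is usually not
# classified as RELATED/ESTABLISHED, so IPv6 connectivity may require an
# explicit ICMPv6 accept above the LOG rule; verify on the target host.
# Log what was incoming but denied (optional but useful); kept last in the
# chain for the same reason as the IPv4 rule.
ip6tables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "ip6tables_INPUT_denied: " --log-level 7
ip6tables -P INPUT DROP

# Log any traffic which was sent to you for forwarding (optional but useful).
ip6tables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "ip6tables_FORWARD_denied: " --log-level 7
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT ACCEPT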