Firewall logging?

How am I able to log the firewall? Just need to see what it's dropping/forwarding etc.

something like this in /etc/firewall.user will get you started...


# syslog level for the LOG target (0-7); defaults to 4 (warning) if not set
myloglevel=${myloglevel:-4}

# chain that logs new TCP connections (SYN only), rate-limited so a flood
# cannot fill the log, then returns to the calling chain
iptables -N mylog
iptables -A mylog -p tcp --syn -m limit --limit 3/s --limit-burst 10 -j LOG --log-prefix "mylog-tcp-new " --log-level $myloglevel
iptables -A mylog -j RETURN

# hook it in as rule 1 of the fw3 user chains so every packet is seen before any verdict
iptables -I input_rule 1 -j mylog
iptables -I forwarding_rule 1 -j mylog
iptables -I output_rule 1 -j mylog

exit 0


  1. comment out the -I (capital i) lines (input and output) to just see routing...

To actually log based on ACCEPT / DROP etc. you need to hook into the final decision trees / end-of-chain targets... my sed skills are worse than Ben Solo's, but e.g.:

myloglevel=${myloglevel:-4}

# one logging chain per verdict; the real verdict is appended to each chain at the end
iptables -N logaccept
iptables -A logaccept -m limit --limit 10/s --limit-burst 20 -j LOG --log-prefix "logaccept " --log-level $myloglevel
iptables -N logreject
iptables -A logreject -m limit --limit 10/s --limit-burst 20 -j LOG --log-prefix "logreject " --log-level $myloglevel
iptables -N logdrop
iptables -A logdrop -m limit --limit 10/s --limit-burst 20 -j LOG --log-prefix "logdrop " --log-level $myloglevel

# dump only the filter table: the log* chains exist only there, and a rewritten
# "-j ACCEPT" in nat/mangle/raw would make iptables-restore fail
iptables-save -t filter > /tmp/iptsavesedded
# "reject" (lowercase) is fw3's own reject chain
sed -i 's/ -j reject$/ -j logreject/' /tmp/iptsavesedded
sed -i 's/ -j ACCEPT$/ -j logaccept/' /tmp/iptsavesedded
# DROP verdicts must go to logdrop, never to logaccept
sed -i 's/ -j DROP$/ -j logdrop/' /tmp/iptsavesedded
echo "importing sedded rules"
iptables-restore < /tmp/iptsavesedded

# terminal verdicts, appended after the restore so the sed above does not rewrite them
iptables -A logaccept -j ACCEPT
iptables -A logreject -j reject
iptables -A logdrop -j DROP

exit 0
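Added example, not the poster's own script: the same "wrap every terminal verdict in a logging chain" rewrite, done with awk instead of sed so that it only touches the filter table (the log* chains exist only there, and a jump to them from nat, mangle or raw makes iptables-restore fail) and leaves the rules inside the log* chains alone, which keeps it safe to run twice. The chain names logaccept / logdrop / logreject and the fw3 reject chain are taken from the post; the iptables-save dump in sample_dump is constructed for trying it offline, and the --apply branch assumes an OpenWrt/fw3 router.

```shell
#!/bin/sh
# Rewrite an iptables-save dump so every terminal ACCEPT / DROP / reject in the
# filter table first passes through logaccept / logdrop / logreject.
# Rules in other tables, and rules inside the log* chains themselves, are printed
# unchanged. Reads the dump on stdin, writes the rewritten dump on stdout.
wrap_terminal_targets() {
    awk '
    /^\*/     { table = substr($0, 2) }   # table header, e.g. "*filter"
    /^COMMIT/ { table = "" }
    table == "filter" && /^-A / && $2 !~ /^log(accept|reject|drop)$/ {
        if      (sub(/ -j ACCEPT$/, " -j logaccept")) { n++ }
        else if (sub(/ -j DROP$/,   " -j logdrop"))   { n++ }
        else if (sub(/ -j reject$/, " -j logreject")) { n++ }   # fw3 reject chain
    }
    { print }
    END { printf "%d rules rewritten\n", n + 0 > "/dev/stderr" }
    '
}

# Constructed dump, shaped like fw3 output, for trying the function offline.
# The nat rule ending in -j ACCEPT must survive untouched.
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A prerouting_rule -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*filter
:INPUT ACCEPT [0:0]
:logaccept - [0:0]
-A INPUT -i lo -j ACCEPT
-A input_rule -p tcp -m tcp --dport 22 -j ACCEPT
-A forwarding_rule -j DROP
-A zone_wan_input -j reject
-A logaccept -m limit --limit 10/s --limit-burst 20 -j LOG --log-prefix "logaccept "
-A logaccept -j ACCEPT
COMMIT
EOF
}

if [ "${1:-}" = "--apply" ]; then
    # Live use on the router (assumed OpenWrt/fw3 layout): run after the log*
    # chains have been created, then append the real verdicts as in the post.
    iptables-save -t filter | wrap_terminal_targets > /tmp/iptsavesedded
    iptables-restore < /tmp/iptsavesedded
else
    sample_dump | wrap_terminal_targets
fi
```

Without arguments the script just prints the rewritten sample, so the "N rules rewritten" count on stderr is the quick sanity check: 0 means the patterns did not match your dump. The awk tests only the rule's final target, so a rule whose -j is followed by target options (for example REJECT --reject-with) is left alone, which is what you want for fw3's own reject chain.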