untuk membuat log pada iptables dimana kita ingin mengetahui paket yang didrop atau direject
misalkan kita kan mendrop ping dan mereject akses ke port 80 dan port 443
tiap drop akan diberi keterangan ‘drop :’ dan tiap perintah reject akan diberi keterangan ‘reject port 80:’ atau ‘reject port 443:’
begini caranya
- IPTables-Dropped: This is the prefix that we used in our logging by specifying –log-prefix option
- IN=em1 This indicates the interface that was used for this incoming packets. This will be empty for outgoing packets
- OUT=em1 This indicates the interface that was used for outgoing packets. This will be empty for incoming packets.
- SRC= The source ip-address from where the packet originated
- DST= The destination ip-address where the packets was sent to
- LEN= Length of the packet
- PROTO= Indicates the protocol (as you see above, the 1st line is for outgoing ICMP protocol, the 2nd line is for incoming TCP protocol)
- SPT= Indicates the source port
- DPT= Indicates the destination port. In the 2nd line above, the destination port is 443. This indicates that the incoming HTTPS packets was dropped
untuk melihat lognya klik disini
semoga berguna 🙂
referensi
- http://www.cyberciti.biz/tips/linux-iptables-examples.html
- http://www.thegeekstuff.com/2012/08/iptables-log-packets/?utm_source=feedburner
- https://www.centos.org/forums/viewtopic.php?t=44666
- http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-log-file.html
- http://stackoverflow.com/questions/21771684/iptables-log-and-drop-in-one-rule
- http://tecadmin.net/enable-logging-in-iptables-on-linux/
- http://unix.stackexchange.com/questions/96484/how-can-i-configure-syslog-conf-file-to-log-iptables-messages-in-a-separate-fil
- http://websistent.com/linux-iptables-log-everything/
Ambilgratis.com - kami mengumpulkan informasi yang terserak dan tersebar 
tinggalkan pesan