@Linux User wrote:
Thanks, Ron, for the clear, informative and detailed explanation. Very helpful, and reasurring.
I tried the two rules you suggested. Not sure why, but they didn’t work.
k. Here’s a tip to log your drops…
at the end of your iptables script, you likely have something like:
iptables -A INPUT -j DROP
or
iptables -A OUTPUT -j DROP
Either that, or you just set default policy to drop, then let it drop off the end of the table list.
You can do something like this at the end of script:
/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG
/sbin/iptables -A LOGDROP -j DROP
/sbin/iptables -A INPUT -j LOGDROP
/sbin/iptables -A OUTPUT -j LOGDROP
Then, rather than dropping to the default “DROP” rule, any packets that *would* have been dropped instead get logged then dropped. Then you can check your syslog and see what’s being dropped. Then you can see what source addr, dest addr, etc are, and fix your rules.
If you don’t want the syslog traffic, you can keep those normally commented out, and just add them when you want/need the extra logging.
— Ron