I am trying to troubleshoot setting up a firewall and need to log some iptables output.
I have done:
$ sudo iptables -A INPUT -j LOG
and then looked around in my /var/log, even searching with:
$ sudo find /var/log -mmin 1
but cannot find it.
Can you help me figure out where iptables LOGs are going, and if necessary how to specify a location?
Using Artix with runit.
Until your firewall is running, there won't be an iptables log.
Basic firewall is gufw. sudo pacman -S gufw ufw ufw-runit, then start ufw. Now you've got some /var/log/iptables.log
I know that iptables is the firewall built into the kernel. I'd rather use it. I have rules established in /etc/iptables/iptables.rules
On the Arch wiki it says logging is handled by systemd. If we aren't using systemd we have to use a secondary program?
I also know that iptables is running since it is blocking traffic. I just need to find the logs.
$ sudo sv status iptables
run: iptables: (pid 2043) 45183s
My question is really: Arch uses systemd to handle iptables logging. How does Artix do this?
iptables-runit??
Yep, installed and running. No log/run though, so... maybe I can add that manually? I'll investigate.
You probably need to up the iptables --log-level. Default seems to be 'warning'.
I just played around with setting
iptables -A INPUT -j LOG --log-level debug
and also
iptables -A INPUT -j LOG --log-level debug --log-prefix "[IPTABLES] "
And then blocking all traffic. Whole bunch of entries in /var/log/everything.log but also, as a surprise to me, /var/log/iptables.log was created with the same entries.
I do not remember ever doing anything special to get a separate iptables log file, but I may have done and forgotten.
Doubt it though. /etc/syslog-ng/syslog-ng.conf contains
destination d_iptables { file("/var/log/iptables.log"); };
So you probably need to up the level to debug or info to see what you wish, and where the logs end up will depend on how / what handles your logging and how it's set up.
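
Added example, not written by any poster in this thread: a small shell check that reads the file() destinations out of a syslog-ng config and reports which of those files already contain a given --log-prefix, which answers "where did my LOG lines go" on a syslog-ng system. The function names, the single-line destination layout, and the sample config and log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: locate the files a syslog-ng setup writes iptables LOG lines to.

# Print "name path" for every file() destination declared in a syslog-ng config.
# Assumes each destination is declared on a single line, as in the thread.
list_file_destinations() {
    sed -n 's/^[[:space:]]*destination[[:space:]]\{1,\}\([A-Za-z0-9_]\{1,\}\)[[:space:]]*{[[:space:]]*file("\([^"]*\)".*/\1 \2/p' "$1"
}

# Print the destinations from config $2 whose file already contains prefix $1.
# $3 is an optional root directory prepended to each path (used by the demo).
destinations_with_prefix() {
    list_file_destinations "$2" | while read -r name path; do
        # -F: the prefix is a fixed string, so "[IPTABLES]" is not a regex class.
        if grep -qF -- "$1" "${3:-}$path" 2>/dev/null; then
            echo "$name $path"
        fi
    done
}

# Constructed sample data so the example runs without root or a live firewall.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/log"
    cat > "$root/syslog-ng.conf" <<'EOF'
destination d_everything { file("/var/log/everything.log"); };
destination d_iptables { file("/var/log/iptables.log"); };
destination d_auth { file("/var/log/auth.log"); };
destination d_console { usertty("root"); };
EOF
    line='Jan  1 12:00:00 host kernel: [IPTABLES] IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22'
    echo "$line" > "$root/var/log/everything.log"
    echo "$line" > "$root/var/log/iptables.log"
    echo 'Jan  1 12:00:01 host sshd[100]: session opened' > "$root/var/log/auth.log"
    destinations_with_prefix '[IPTABLES] ' "$root/syslog-ng.conf" "$root"
    rm -rf "$root"
}

demo
```

On a real system the equivalent call is destinations_with_prefix '[IPTABLES] ' /etc/syslog-ng/syslog-ng.conf, run with enough privilege to read the log files.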