
iptables logs

I am trying to troubleshoot setting up a firewall and need to log some iptables output.

I have done:
Code:
$ sudo iptables -A INPUT -j LOG

and then looked around in my /var/log, even searching with:
Code:
$ sudo find /var/log -mmin 1

but cannot find it.

Can you help me figure out where iptables LOGs are going, and if necessary how to specify a location?

Using Artix with runit.

Re: iptables logs

Reply #1

Until your firewall is running there won't be an iptables log.

Basic firewall is gufw. sudo pacman -S gufw ufw ufw-runit, then start ufw. Now you've got some /var/log/iptables.log
Cat Herders of Linux

Re: iptables logs

Reply #2
I know that iptables is the firewall built into the kernel.  I'd rather use it.  I have rules established in /etc/iptables/iptables.rules

On the Arch wiki it says logging is handled by systemd.  If we aren't using systemd we have to use a secondary program?

I also know that iptables is running since it is blocking traffic.  I just need to find the logs.

Code:
$ sudo sv status iptables

run:  iptables: (pid 2043)  45183s

Re: iptables logs

Reply #3
My question is really:  Arch uses systemd to handle iptables logging.  How does Artix do this?


 

Re: iptables logs

Reply #5
Yep, installed and running. No log/run though, so... maybe I can add that manually? I'll investigate.

Re: iptables logs

Reply #6
You probably need to up the iptables --log-level. Default seems to be 'warning'.
I just played around with setting
Code:
iptables -A INPUT -j LOG --log-level debug
and also
Code:
iptables -A INPUT -j LOG --log-level debug --log-prefix "[IPTABLES] "
And then blocking all traffic. Whole bunch of entries in /var/log/everything.log but also, as a surprise to me, /var/log/iptables.log was created with the same entries.

I do not remember ever doing anything special to get a separate iptables log file, but I may have done and forgotten.
Doubt it though. /etc/syslog-ng/syslog-ng.conf contains
Code:
destination d_iptables { file("/var/log/iptables.log"); };

So you probably need to up the level to debug or info to see what you wish, and where the logs end up will depend on how / what handles your logging and how it's set up.
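
Added example, not posted by anyone in this thread: the LOG target writes to the kernel log, so the entries show up in `dmesg` even when no syslog daemon routes them to a file. A syslog-ng fragment that sends lines carrying the `[IPTABLES] ` prefix from Reply #6 to their own file could look like this; the source name `src` and the filter name `f_iptables` are assumptions, so use the names your own syslog-ng.conf defines.

```conf
# /etc/syslog-ng/syslog-ng.conf (fragment, constructed example)
#
# Assumptions:
#   - the config already defines a source that reads kernel messages,
#     here called "src", e.g.:  source src { system(); internal(); };
#   - the rule was added with:  --log-prefix "[IPTABLES] "

# Kernel-facility messages whose text contains the prefix set by --log-prefix.
# Single quotes keep the backslashes literal, so the regex matches "[IPTABLES] ".
filter f_iptables { facility(kern) and message('\[IPTABLES\] '); };

# The destination line quoted in Reply #6.
destination d_iptables { file("/var/log/iptables.log"); };

# A destination on its own writes nothing; a log path has to tie
# source, filter and destination together.
log { source(src); filter(f_iptables); destination(d_iptables); };
```

Check the edited file with `syslog-ng --syntax-only` before restarting the service.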