Tuesday, 3 April 2012

Webmin, firewall

The script to use for generating the logs (well, it does not work yet, but I will look at it later):
#---------------------------------------------------------------
# Log and drop all other packets to file /var/log/messages
# Without this we could be crawling around in the dark
#---------------------------------------------------------------
iptables -A OUTPUT -j LOG
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

iptables -A OUTPUT -j DROP
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
When the rules for monitoring the network are generated, the script is written to this location, but it is not executed.

Rules file /var/lib/iptables/active

cat /var/lib/iptables/active
# Generated by webmin
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -o eth1 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A FORWARD -i eth1 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
-A OUTPUT -o eth1 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A INPUT -i eth1 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
COMMIT
# Completed
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed


iptables list
iptables list configuration (use iptables -L -n to show numeric IP addresses and port numbers)
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_OUT:'
LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_IN:'

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level debug prefix `BANDWIDTH_OUT:'

iptables logfile
/etc/syslog.conf
kern.=debug     -/var/log/bandwidth
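Once kern.=debug is routed to /var/log/bandwidth, the file fills with one kernel line per packet carrying the BANDWIDTH_IN:/BANDWIDTH_OUT: prefix from the rules above. The following is an added example (not part of the original post or of Webmin) that turns those lines into per-direction and per-host byte counts; the log lines are constructed samples in the standard iptables LOG format (IN=, OUT=, SRC=, DST=, LEN=, PROTO=), with made-up addresses.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/bandwidth: lines written by the LOG rules
# with --log-prefix BANDWIDTH_IN:/BANDWIDTH_OUT: at --log-level 7 (debug).
# Hosts, MACs and timestamps are invented; 203.0.113.10 is a documentation address.
SAMPLE_LOG = """\
Apr  3 10:01:02 gw kernel: BANDWIDTH_IN: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=45120 DPT=10000 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  3 10:01:02 gw kernel: BANDWIDTH_OUT: IN= OUT=eth1 SRC=192.168.1.1 DST=192.168.1.20 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=10000 DPT=45120 WINDOW=14600 RES=0x00 ACK URGP=0
Apr  3 10:01:03 gw kernel: BANDWIDTH_IN: IN=eth1 OUT=eth0 SRC=192.168.1.30 DST=203.0.113.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=5 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Apr  3 10:01:04 gw kernel: BANDWIDTH_OUT: IN=eth0 OUT=eth1 SRC=203.0.113.10 DST=192.168.1.30 LEN=84 TOS=0x00 PREC=0x00 TTL=54 ID=9 PROTO=ICMP TYPE=0 CODE=0 ID=7 SEQ=1
Apr  3 10:01:05 gw kernel: some unrelated kernel message at debug level
"""

# Only lines carrying one of the two Webmin prefixes are accounted.
LINE_RE = re.compile(r"kernel: (?P<prefix>BANDWIDTH_(?:IN|OUT)):\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return (direction, {field: value}) for a BANDWIDTH_* line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    direction = m.group("prefix")[len("BANDWIDTH_"):]
    fields = {}
    for key, value in FIELD_RE.findall(m.group("fields")):
        fields.setdefault(key, value)  # keep the IP header ID, not the ICMP ID
    return direction, fields


def account(log_text):
    """Sum packets and bytes (LEN) per direction, and bytes per LAN host on eth1."""
    totals = {"IN": {"packets": 0, "bytes": 0}, "OUT": {"packets": 0, "bytes": 0}}
    per_host = defaultdict(lambda: {"IN": 0, "OUT": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        direction, f = parsed
        length = int(f.get("LEN", 0))
        totals[direction]["packets"] += 1
        totals[direction]["bytes"] += length
        # IN: the LAN host is the sender (SRC); OUT: it is the receiver (DST)
        host = f.get("SRC") if direction == "IN" else f.get("DST")
        per_host[host][direction] += length
    return totals, dict(per_host)


if __name__ == "__main__":
    print(account(SAMPLE_LOG))
```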

sources
http://doxfer.webmin.com/Webmin/LinuxFirewall
http://www.adella.org/spip/Configurer-IPTABLES-avec-WEBMIN
http://ubuntuforums.org/archive/index.php/t-1442954.html
http://fsse.info/IpTables
http://fsse.info/WebMinFirewall
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
