micbat / x-wrt

Automatically exported from code.google.com/p/x-wrt
0 stars 0 forks source link

firewall log rules are wrong #55

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
they log also the traffic that may be allowed by the subsequent rules
http://pastebin.ca/924799

03/10/08 14:46:27 changed by lubek 

The pastebin has expired. The possible ruleset is included: 
# create logb4end chains
for target in filter nat; do
        $IPTABLES -t $target -N logb4end
        $IPTABLES -t $target -A logb4end -j LOG --log-level debug
--log-prefix "B4END: "
        $IPTABLES -t $target -A logb4end -j RETURN
done

# INPUT
$IPTABLES -I INPUT 1 -m state --state INVALID -j logb4end
$IPTABLES -I INPUT 4 -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j logb4end
$IPTABLES -I INPUT 11 -j logb4end
# FORWARD
$IPTABLES -I FORWARD 1 -m state --state INVALID -j logb4end
$IPTABLES -A FORWARD -j logb4end
# OUTPUT
$IPTABLES -I OUTPUT 1 -m state --state INVALID -j logb4end
$IPTABLES -I OUTPUT 6 -j logb4end
#NEW
$IPTABLES -t nat -I NEW 2 -j logb4end

Original issue reported on code.google.com by kemen04@gmail.com on 27 Jun 2008 at 1:30

GoogleCodeExporter commented 8 years ago

Original comment by kemen04@gmail.com on 17 Jul 2008 at 3:52

GoogleCodeExporter commented 8 years ago

Original comment by kemen04@gmail.com on 8 Aug 2008 at 4:44