iptables logging
Hi, I have centos 6.5 64bit running with this iptables rule, I would to logging all the drop packet on the input chain to a separate log file to review, please guide me how to do that, thanks
# Generated by iptables-save v1.4.7 on Sat Jun 7 00:56:05 2014
*filter
:INPUT DROP [2:120]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [119:11746]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3847 -j ACCEPT
-A INPUT -d x.x.x.x/32 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jun 7 00:56:05 2014
Log In to Comment