
iptables: log IP on a port

Hi there, Sweclockers. I want to log incoming IPs on a port, but I would like it a bit more limited; with the rule I have now the log fills up in no time. It logs every new kind of packet, but I only want the initial connect.

-A INPUT -i eth6 -p udp -m udp --dport 25699 -m state --state NEW -m limit --limit 2/min -j LOG --log-prefix "new Connection"

Suggestions gratefully received.

Example of a small piece of the log:

Dec 20 10:51:28 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=1640 PROTO=UDP SPT=58134 DPT=25699 LEN=20
Dec 20 10:51:28 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=53 TOS=0x00 PREC=0x00 TTL=55 ID=1642 PROTO=UDP SPT=58134 DPT=25699 LEN=33
Dec 20 10:51:28 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=39 TOS=0x00 PREC=0x00 TTL=55 ID=1644 PROTO=UDP SPT=58134 DPT=25699 LEN=19
Dec 20 10:51:28 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=39 TOS=0x00 PREC=0x00 TTL=55 ID=1646 PROTO=UDP SPT=58134 DPT=25699 LEN=19
Dec 20 10:51:28 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=42 TOS=0x00 PREC=0x00 TTL=55 ID=1648 PROTO=UDP SPT=58134 DPT=25699 LEN=22
Dec 20 12:17:42 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=33 TOS=0x00 PREC=0x00 TTL=55 ID=30137 PROTO=UDP SPT=61254 DPT=25699 LEN=13
Dec 20 12:17:42 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=30119 PROTO=UDP SPT=61254 DPT=25699 LEN=20
Dec 20 12:17:42 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=53 TOS=0x00 PREC=0x00 TTL=55 ID=30121 PROTO=UDP SPT=61254 DPT=25699 LEN=33
Dec 20 12:17:42 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=39 TOS=0x00 PREC=0x00 TTL=55 ID=30123 PROTO=UDP SPT=61254 DPT=25699 LEN=19
Dec 20 12:17:42 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=39 TOS=0x00 PREC=0x00 TTL=55 ID=30125 PROTO=UDP SPT=61254 DPT=25699 LEN=19
Dec 20 12:20:25 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=31920 PROTO=UDP SPT=65384 DPT=25699 LEN=20
Dec 20 12:20:25 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=53 TOS=0x00 PREC=0x00 TTL=55 ID=31922 PROTO=UDP SPT=65384 DPT=25699 LEN=33
Dec 20 12:20:25 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=39 TOS=0x00 PREC=0x00 TTL=55 ID=31924 PROTO=UDP SPT=65384 DPT=25699 LEN=19
Dec 20 12:20:25 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=39 TOS=0x00 PREC=0x00 TTL=55 ID=31926 PROTO=UDP SPT=65384 DPT=25699 LEN=19
Dec 20 12:20:25 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=42 TOS=0x00 PREC=0x00 TTL=55 ID=31928 PROTO=UDP SPT=65384 DPT=25699 LEN=22
Dec 20 14:02:45 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=31916 PROTO=UDP SPT=59854 DPT=25699 LEN=20
Dec 20 14:02:45 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=53 TOS=0x00 PREC=0x00 TTL=55 ID=31918 PROTO=UDP SPT=59854 DPT=25699 LEN=33
Dec 20 14:02:45 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=39 TOS=0x00 PREC=0x00 TTL=55 ID=31920 PROTO=UDP SPT=59854 DPT=25699 LEN=19
Dec 20 14:02:45 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=39 TOS=0x00 PREC=0x00 TTL=55 ID=31922 PROTO=UDP SPT=59854 DPT=25699 LEN=19
Dec 20 14:02:45 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=42 TOS=0x00 PREC=0x00 TTL=55 ID=31924 PROTO=UDP SPT=59854 DPT=25699 LEN=22
Dec 20 15:06:24 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=12207 PROTO=UDP SPT=53345 DPT=25699 LEN=32
Dec 20 15:06:24 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=12175 PROTO=UDP SPT=53345 DPT=25699 LEN=20
Dec 20 15:06:24 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=53 TOS=0x00 PREC=0x00 TTL=55 ID=12177 PROTO=UDP SPT=53345 DPT=25699 LEN=33
Dec 20 15:06:24 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=sammaipnummer DST=annat_fast_sammaipnummer LEN=39 TOS=0x00 PREC=0x00 TTL=55 ID=12179 PROTO=UDP SPT=53345 DPT=25699 LEN=19

Quoting tjabo:

Hi there, Sweclockers. I want to log incoming IPs on a port, but I would like it a bit more limited; with the rule I have now the log fills up in no time. It logs every new kind of packet, but I only want the initial connect.

-A INPUT -i eth6 -p udp -m udp --dport 25699 -m state --state NEW -m limit --limit 2/min -j LOG --log-prefix "new Connection"

Suggestions gratefully received.


You are logging UDP, which is stateless. So you get a "new" connection on every packet, which is why it ends up like that. The question is whether you can get iptables to log on every new src-spt-dst-dpt combination?

/zyber


I am an optimist; it is never so bad that it cannot get worse.


I'm an amateur in this area, but maybe you can put the packet length into the rule?

something -m length --length 112 -m recent --name 112bytes1 --set

Edit:

-A INPUT -i eth6 -p udp -m udp --dport 25699 -m length --length 112 -m state --state NEW -j LOG --log-prefix "new Connection"

gave a single line; look at "LEN=112". I think this might work, I'll have to test it for a while and see.

Dec 21 21:27:45 kernel: new ConnectionIN=eth6 OUT= MAC=00:e6:c7:520:08:00 SRC=mitt_ip DST=mål_ip LEN=112 TOS=0x00 PREC=0x00 TTL=52 ID=13666 PROTO=UDP SPT=51838 DPT=25699 LEN=92

Edit again: corrected which rule I actually used and removed the limit 2/min part, it is no longer needed.
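As an added example, not posted by anyone in this thread, here is a small Python parser for LOG lines of the shape shown above. It does two things the thread discusses: it reports one line per src-spt-dst-dpt combination (zyber's question, answered in userspace rather than in the kernel), and it mirrors the `-m length --length 112` test on the first LEN field, the IPv4 total length, which is the value that matched in the LEN=112 line above (the second LEN is the UDP length). The sample log is constructed for this example: RFC 5737 documentation addresses stand in for the masked IPs, and the last line reproduces the 112-byte hit with a hostname-less timestamp as in the last post.

```python
import re

# Constructed sample in the same shape as the lines posted in the thread.
# Addresses are RFC 5737 documentation addresses, not anyone's real hosts.
# The last line mirrors the poster's "-m length --length 112" hit:
# IPv4 total length 112, UDP length 92.
SAMPLE_LOG = """\
Dec 20 10:51:28 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=198.51.100.7 DST=203.0.113.9 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=1640 PROTO=UDP SPT=58134 DPT=25699 LEN=20
Dec 20 10:51:28 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=198.51.100.7 DST=203.0.113.9 LEN=53 TOS=0x00 PREC=0x00 TTL=55 ID=1642 PROTO=UDP SPT=58134 DPT=25699 LEN=33
Dec 20 10:51:28 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=198.51.100.7 DST=203.0.113.9 LEN=39 TOS=0x00 PREC=0x00 TTL=55 ID=1644 PROTO=UDP SPT=58134 DPT=25699 LEN=19
Dec 20 12:17:42 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=198.51.100.7 DST=203.0.113.9 LEN=33 TOS=0x00 PREC=0x00 TTL=55 ID=30137 PROTO=UDP SPT=61254 DPT=25699 LEN=13
Dec 20 12:17:42 hola kernel: new ConnectionIN=eth6 OUT= MAC=56:00:00:1a:7d:ac:fe:00:00:1a:7d:ac:08:00 SRC=198.51.100.7 DST=203.0.113.9 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=30119 PROTO=UDP SPT=61254 DPT=25699 LEN=20
Dec 21 21:27:45 kernel: new ConnectionIN=eth6 OUT= MAC=00:e6:c7:52:08:00 SRC=198.51.100.7 DST=203.0.113.9 LEN=112 TOS=0x00 PREC=0x00 TTL=52 ID=13666 PROTO=UDP SPT=51838 DPT=25699 LEN=92
"""

# Key=value fields emitted by the iptables LOG target. The prefix
# "new Connection" has no trailing space, so the first field is glued on as
# "ConnectionIN=eth6"; the pattern therefore does not require a word boundary.
FIELD_RE = re.compile(
    r"(IN|OUT|MAC|SRC|DST|LEN|TOS|PREC|TTL|ID|PROTO|SPT|DPT)=(\S*)"
)


def parse_line(line):
    """Parse one syslog/kernel LOG line into a dict, or return None."""
    head, sep, rest = line.partition("kernel:")
    if not sep:
        return None
    # The classic syslog timestamp is fixed width ("Dec 20 10:51:28" is 15
    # chars); whatever follows up to "kernel:" is the hostname, if any.
    rec = {"ts": head[:15].strip(), "host": head[15:].strip() or None}
    lens = []
    for key, val in FIELD_RE.findall(rest):
        if key == "LEN":
            # First LEN is the IPv4 total length, second LEN the UDP length.
            lens.append(int(val))
        else:
            rec[key.lower()] = val
    rec["ip_len"] = lens[0] if lens else None
    rec["l4_len"] = lens[1] if len(lens) > 1 else None
    return rec


def flow_key(rec):
    """The src-spt-dst-dpt combination zyber asks about, plus the protocol."""
    return (rec.get("proto"), rec.get("src"), rec.get("spt"),
            rec.get("dst"), rec.get("dpt"))


def first_packets_per_flow(lines):
    """Keep only the first logged packet of each flow.

    Returns (flows, suppressed): an insertion-ordered dict from flow key to
    the first record seen, and the count of later packets of known flows.
    """
    flows = {}
    suppressed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = flow_key(rec)
        if key in flows:
            suppressed += 1
        else:
            flows[key] = rec
    return flows, suppressed


def matches_length(rec, length):
    """Userspace check mirroring "-m length --length N" for IPv4, which
    compares the total IP length: the first LEN field of the log line."""
    return rec["ip_len"] == length


if __name__ == "__main__":
    flows, suppressed = first_packets_per_flow(SAMPLE_LOG.splitlines())
    print(f"{len(flows)} flows, {suppressed} follow-up packets suppressed")
    for key, rec in flows.items():
        print(rec["ts"], key, "ip_len=%s udp_len=%s" % (rec["ip_len"], rec["l4_len"]))
```

Run against the sample it reports three flows (source ports 58134, 61254 and 51838) and suppresses the three follow-up packets, which is the "initial connect only" view the first post asks for. The same de-duplication can be done in the kernel with the `recent` match that the poster's first draft already used, and filtering on `ip_len` is what the `-m length` rule does, so the script is a cheap way to check what such a rule would keep before changing the ruleset.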