
Drop and log with iptables

Discussion in 'Tomato Firmware' started by RTAdams89, Aug 6, 2011.

  1. RTAdams89

    RTAdams89 Network Guru Member

    I've had a script running for some time now (that I may have gotten here) which pulls IPs from an online blocklist and adds them to iptables to be dropped. This is one small section of the script:

    Code:
    # Empty both chains (created elsewhere in the script, not shown here),
    # then refill them from the current Team Cymru non-aggregated bogon list.
    iptables -F BOGONSIN
    iptables -F BOGONSOUT
    logger -t IPBlacklist Updating BOGONS list
    # Keep only lines that start with a dotted-quad; one rule pair per prefix.
    # (The post shows \$i here, which passes a literal "$i" to iptables when
    # run from a plain script file; the unescaped form is what a script needs.)
    wget -q -O - http://www.cymru.com/Documents/bogon-bn-nonagg.txt | grep '^[0-9]\{1,3\}\.' | while read i; do
        iptables -A BOGONSIN -s $i -j DROP    # inbound from a bogon source
        iptables -A BOGONSOUT -d $i -j DROP   # outbound to a bogon destination
    done
    I recently came back to the script after setting up the router to send its logs to a syslog server I installed. I noticed that connections blocked by the built-in iptables rules (such as unsolicited external->internal connections) get logged but the connections dropped due to the script above do not. I attempted to add another rule before each of the DROP rules to log the connection first, but that didn't work.

    This is a simple thing, and I'm sure I'm just missing it from being up too late, so can someone help me out with the proper iptables command to get Tomato 1.28 to log the connection as "DROPPED" (along with the connection info) and then drop the connection?

    Thanks!
     
  2. RTAdams89

    RTAdams89 Network Guru Member

    After a fresh night of sleep, I got it. Created another chain:
    Code:
    iptables -N LOGBLOCK   # the chain has to exist before rules are appended to it
    # Log the first packet of each new connection, then drop everything that reaches the chain
    iptables -A LOGBLOCK -m state --state NEW -j LOG --log-prefix "BLOCK " --log-ip-options --log-tcp-options --log-level 4
    iptables -A LOGBLOCK -j DROP
    And updated the original code:
    Code:
    iptables -A BOGONSIN -s $i -j LOGBLOCK
    iptables -A BOGONSOUT -d $i -j LOGBLOCK
     
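Putting the two fragments above together, as an added example that is not RTAdams89's script and not part of this thread: a complete, re-runnable version of the bogon blocklist with the LOGBLOCK chain. Nothing below the first post's wget line is stated in the thread, so the following are assumptions: the chains hang off INPUT, FORWARD and OUTPUT for the WAN interface only, the WAN interface name is read from nvram with vlan1 as a fallback, the word apply as the first argument turns the dry run into real iptables calls, and a -m limit on the LOG rule is acceptable. The dry run feeds a constructed sample list instead of fetching anything, so it can be read and run offline. One fact worth keeping in mind whenever you place LOG rules: LOG is a non-terminating target, so a DROP has to follow it, which is exactly what a two-rule chain guarantees.

```sh
#!/bin/sh
# Added example, not code from the thread: an idempotent version of the
# bogon-blocking setup, with the LOGBLOCK chain from the second post.
# Assumptions not stated on the page: the chains are hooked into INPUT,
# FORWARD and OUTPUT on the WAN interface only, the WAN interface name is
# read from nvram (falling back to vlan1), and "apply" as the first
# argument switches from dry run to real iptables calls.

# Dry run by default: print each iptables command instead of executing it.
# On the router, run "sh bogonblock.sh apply" to install the rules for real.
case "${1:-}" in
    apply) IPT=iptables ;;
    *)     IPT="echo iptables" ;;
esac

# Restricting the hooks to the WAN interface matters: the non-aggregated
# bogon list also contains RFC 1918 space, so a BOGONSOUT rule applied to
# LAN-bound traffic would drop packets to your own subnet.
WAN="${WAN:-$(nvram get wan_ifname 2>/dev/null)}"
WAN="${WAN:-vlan1}"   # assumed fallback; Tomato keeps the real name in nvram

# Accept only a.b.c.d or a.b.c.d/n; rejects comment, blank and junk lines.
is_ipv4_prefix() {
    printf '%s\n' "$1" | grep -q \
        '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\(/[0-9]\{1,2\}\)\{0,1\}$'
}

# Create a chain if it is missing (-N fails harmlessly if it exists), then
# empty it. Flushing a chain that was never created fails after a reboot.
ensure_chain() {
    $IPT -N "$1" 2>/dev/null || true
    $IPT -F "$1"
}

# LOGBLOCK: LOG is non-terminating, so the DROP must follow it in the same
# chain. Only the first packet of a connection (--state NEW) is logged, and
# the -m limit added here keeps a scan from flooding the syslog server.
setup_logblock() {
    ensure_chain LOGBLOCK
    $IPT -A LOGBLOCK -m state --state NEW -m limit --limit 10/min --limit-burst 20 \
        -j LOG --log-prefix "BLOCK " --log-ip-options --log-tcp-options --log-level 4
    $IPT -A LOGBLOCK -j DROP
}

# Read one prefix per line on stdin; emit a BOGONSIN (source) and a
# BOGONSOUT (destination) rule for each valid one, both jumping to LOGBLOCK.
load_bogons() {
    ensure_chain BOGONSIN
    ensure_chain BOGONSOUT
    while read -r prefix; do
        is_ipv4_prefix "$prefix" || continue
        $IPT -A BOGONSIN  -s "$prefix" -j LOGBLOCK
        $IPT -A BOGONSOUT -d "$prefix" -j LOGBLOCK
    done
}

# Insert the jumps into the built-in chains once; re-running the script
# must not add duplicate jump rules, so check the chain listing first.
hook_chains() {
    $IPT -L INPUT   -n | grep -q BOGONSIN  || $IPT -I INPUT   -i "$WAN" -j BOGONSIN
    $IPT -L FORWARD -n | grep -q BOGONSIN  || $IPT -I FORWARD -i "$WAN" -j BOGONSIN
    $IPT -L OUTPUT  -n | grep -q BOGONSOUT || $IPT -I OUTPUT  -o "$WAN" -j BOGONSOUT
    $IPT -L FORWARD -n | grep -q BOGONSOUT || $IPT -I FORWARD -o "$WAN" -j BOGONSOUT
}

# Constructed sample in the shape of the Cymru file, so the dry run works
# offline; the real run fetches the list exactly as the original script does.
SAMPLE_LIST='# constructed sample, not the real list
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
not-an-address
'

main() {
    setup_logblock
    hook_chains
    if [ "$IPT" = iptables ]; then
        logger -t IPBlacklist Updating BOGONS list
        # tr strips CRs in case the file ever arrives with CRLF line endings
        wget -q -O - http://www.cymru.com/Documents/bogon-bn-nonagg.txt | tr -d '\r' | load_bogons
    else
        printf '%s' "$SAMPLE_LIST" | load_bogons
    fi
}

main
```

Run it once with no argument to see every command it would issue, then sh bogonblock.sh apply on the router (for example from the firewall script). Because the jumps are inserted with -I, they sit at the top of INPUT, FORWARD and OUTPUT, ahead of Tomato's own rules; if you would rather have the built-in rules win, change -I to -A.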
  3. mikester

    mikester Network Guru Member

    Is it working?
     
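One way to answer that from the syslog server side, as an added example that is not from anyone in this thread: summarize the lines the LOGBLOCK chain writes, which all carry the "BLOCK " prefix set in the rule above, and ignore the "DROP" lines Tomato's own rules produce. The four log lines in the script are constructed in the shape of kernel LOG output (prefix, then IN=/OUT=/SRC=/DST=/PROTO=/DPT= fields); they are not from the poster's router.

```sh
#!/bin/sh
# Added example, not from the thread: confirm that LOGBLOCK is firing by
# summarizing its "BLOCK " syslog lines per source, direction, protocol
# and destination port. The sample lines below are constructed to match the
# kernel LOG line layout; they are not real router output.
SAMPLE_LOG='Aug  7 01:23:45 tomato kernel: BLOCK IN=vlan1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.3 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  7 01:23:46 tomato kernel: BLOCK IN=vlan1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.3 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  7 01:24:01 tomato kernel: BLOCK IN= OUT=vlan1 SRC=203.0.113.10 DST=0.1.2.3 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Aug  7 01:24:02 tomato kernel: DROP IN=vlan1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=40 PROTO=TCP SPT=1 DPT=445'

# stdin: syslog lines. stdout: "count src direction proto dport", busiest
# source first; dport is "-" for protocols without one. Only lines whose
# prefix is BLOCK are counted, so Tomato's own DROP entries are skipped.
summarize_blocks() {
    awk '
    /kernel: BLOCK / {
        src = "-"; proto = "-"; dport = "-"; dir = "in"
        for (i = 1; i <= NF; i++) {
            n = index($i, "="); if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "SRC") src = v
            else if (k == "PROTO") proto = v
            else if (k == "DPT") dport = v
            else if (k == "OUT" && v != "") dir = "out"   # left via WAN: BOGONSOUT hit
        }
        hits[src " " dir " " proto " " dport]++
    }
    END { for (key in hits) print hits[key], key }' | sort -rn
}

# Running the file directly prints the summary of the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_blocks
```

Against a real syslog file the call is simply summarize_blocks < /var/log/messages (or whatever path the syslog server writes to); an empty result while the built-in DROP lines keep arriving means the LOGBLOCK rule is not being hit, and a source that shows up with a large count is the one to look at first.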
