Here is a quick reference for the format used by the netfilter log messages.  This is all derived from the source of the netfilter kernel modules (Linux kernel 2.4.2). Below is a hypothetical log message generated by netfilter. It is based on a real log entry but I have added all possible IP and TCP [...]
Archive for the ‘Linux’ Category
Netfilter Log Format Issues
Posted: 28th July 2010 by admin in Linux. Tags: firewall, logs, netfilter
Positives: Netfilter logs are intuitive and easy to read by the occasional, non-expert admin. They provide much more information than, e.g., ipchains, in particular about the transport protocol. They show the header of messages returned inside an ICMP packet. Consistency issues: Most items in the log use the LABEL=value format, but: flags appear on their own, [...]
Here is a quick reference for the format used by the ipchains log messages. This is mostly taken from the ipchains-HOWTO. A typical log message generated by ipchains: Jun 16 08:00:38 megahard kernel: Packet log: forward DENY eth1 PROTO=17 a.b.c.d:234 w.x.y.z:34567 L=78 S=0x00 I=13413 F=0x0000 T=112 (#16) The leading part is self-explanatory. The remaining [...]
Packet filtering firewall: Linux ipchains implements a packet filtering firewall and can be considered medium security if implemented properly. A packet filtering firewall looks at each packet individually; it does not (and cannot) consider any previous packets which may be part of a multiple-packet transaction. In other words, a packet filtering firewall is stateless.
What is the difference between REJECT and DENY?
Posted: 26th July 2010 by admin in Linux. Tags: deny, firewall, reject
With ipchains you can ACCEPT, REJECT or DENY a packet. What ACCEPT does is self-explanatory, but nearly everybody asks what the difference between REJECT and DENY is and which one is better. And how does nmap see the ports? Below is my attempt at explaining the differences. The example transactions were captured with tcpdump.

