LinuxSA Mailing list archives
From: Alain Satre <alain@messagebay.com>
To : David Lloyd <lloy0076@rebel.net.au>
Linuxsa <linuxsa@linuxsa.org.au>
Date: Tue, 13 Feb 2001 18:59:22 -0800
Re: Syslog remote logging - ipchains
Thank you very much David Lloyd, and Daryl Tester!
I have been wanting to use ipchains for a few days now. Most of my systems run
RH6.2 2.2-14, I'm upping to 2.2-17 soon. I did take a look at syntax in the man
pages, however I still didn't have a clue as to how to write a rule. I did see some
good FAQs online about using it, but still had no good examples.
I will try these, and go from there. If you could, quickly that is, let me know how
to disallow all ftp access to a subnet, but allow another subnet full access?
Far too many people are trying anonymous ftp to our sites, and it would be nice to
drop them at the front door. However I would like to know if you can log the IP
before it is dropped. Maybe then I can track down who the annoying party is.
Alain-
David Lloyd wrote:
> alain!
>
> > What about specifying the line twice?
> > i.e.
> > mail.info /var/log/maillog
> > mail.info @syslog.server
>
> The first one seems to catch it.
>
> > In some examples it looks like you can do this, and it will write to both. I
> > haven't tried it yet, but it may work.
>
> I tried that and it don't work.
>
> > Syslog -r ? That's it? I would hope that doesn't allow untrusted hosts to send
> > syslog data to your host? Is there a way to allow certain IPs? or just all
> > or nothing?
>
> Run some firewall rules on your hosts. Something like:
>
> ipchains -A input -i ppp+ -s any/0 -d $MYIP 514 -p udp -j DENY
> ipchains -A input -i eth+ -s $MYSUBNET $THESUBNET -d $MYIP 514 -p udp -j ACCEPT
>
> And if you have a default policy of deny that will only allow syslog to
> your local subnet and deny anything on a ppp link...
>
> DL
>
> --
> Let's get loud, let's get loud,
> Ain't nobody gonna tell me
> Who I'm allowed to do now...
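
The approach discussed in this thread (accept syslog only from a trusted subnet, deny and log everything else), as an added example that is not part of the original messages. The script only prints the `ipchains` commands rather than applying them; the addresses, interface name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) ipchains rules for a host running
# a remote-receiving syslogd. All addresses below are constructed samples.

SYSLOG_PORT=514   # syslog over UDP

# is_cidr ADDR/PREFIX: shape check only (dotted quad plus /0-32 prefix);
# it does not verify that each octet is <= 255.
is_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# syslog_rules RECEIVER_IP TRUSTED_SUBNET LAN_IFACE
# Rejects malformed arguments so nothing unexpected ends up in a rule.
syslog_rules() {
    ip=$1 subnet=$2 iface=$3
    is_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
    is_cidr "$ip/32"  || { echo "bad address: $ip" >&2; return 1; }
    case $iface in
        ''|*[!a-z0-9+]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # Rule order matters: ipchains stops at the first matching rule,
    # so the ACCEPT for trusted senders must come before the DENY.
    echo "ipchains -A input -i $iface -p udp -s $subnet -d $ip $SYSLOG_PORT -j ACCEPT"
    # -l writes the matching packet (including its source IP) to the
    # kernel log before the DENY target discards it.
    echo "ipchains -A input -p udp -s 0/0 -d $ip $SYSLOG_PORT -l -j DENY"
}

# Constructed sample values: receiver 192.168.1.10, trusted LAN 192.168.1.0/24.
syslog_rules 192.168.1.10 192.168.1.0/24 eth0
```

Review the printed rules before running them as root; the `-l` entries appear wherever kernel messages are logged on the receiving host.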