Jan 19
How to test whether your rules are being activated:
# Logging just the first packet: this shows an external host is reaching you,
# but does not flood the log with a notice for every packet.
# Insert at the top of the INPUT chain a request to log only NEW connections
iptables -I INPUT -m state --state NEW -j LOG
Turning off logging on iptables:
# find the logging entry; use --line-numbers so you know which rule to delete.
iptables -L INPUT --line-numbers | egrep 'Chain|LOG'
Chain INPUT (policy DROP)
1    LOG        all  --  anywhere             anywhere             LOG level warning
# delete it
iptables --delete INPUT 1
## Here's a quick Perl script to get the same information and generate (but not execute) the delete line.
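#!/usr/bin/perl
# Find every rule that jumps to the LOG target and print (but do not execute)
# the `iptables --delete CHAIN NUM` command that would remove it.
#
# Delete lines are printed highest rule number first: deleting rule N
# renumbers every later rule in that chain, so running the lines in the
# printed order removes exactly the rules that were listed.
use strict;
use warnings;

# Run the system iptables, not a copy under ~/tmp: a script that is run as
# root must not execute whatever happens to sit in a scratch directory.
# The list-form open below execs this directly, with no shell in between.
my @IPTABLES_CMD = ('iptables', '-L', '-n', '--line-numbers');

# Parse `iptables -L -n --line-numbers` output lines (already chomped) and
# return one [chain_name, rule_number] pair for each rule whose target is LOG,
# in the order the rules were listed.
sub find_log_rules {
    my (@lines) = @_;

    my $chain_name;    # name from the most recent "Chain ..." header
    my @log_rules;
    LINE:
    for my $line (@lines) {
        # "Chain INPUT (policy DROP)": the name is the next whitespace-delimited
        # token, so any chain name matches, not only ones shaped \w+(-)?\w+.
        if ($line =~ m{ \A Chain \s+ (?<chain>\S+) }xms) {
            $chain_name = $+{chain};
            next LINE;
        }

        # "12   LOG   all  --  0.0.0.0/0 ...": a numbered rule whose target is LOG.
        # (\d+) keeps the whole number; (\d)+ would capture only its last digit.
        if ($line =~ m{ \A (?<num>\d+) \s+ LOG \b }xms) {
            # A rule line seen before any Chain header has no chain to delete from.
            next LINE if !defined $chain_name;
            push @log_rules, [ $chain_name, $+{num} ];
        }
    }
    return @log_rules;
}

# Entry point: list the rules, then report each LOG rule with its delete command.
# Dies if iptables cannot be started or exits non-zero (e.g. insufficient privilege).
sub run {
    open my $ipt_fh, '-|', @IPTABLES_CMD
        or die "cannot run @IPTABLES_CMD: $!";
    my @iptables_output = <$ipt_fh>;
    # For a pipe, close fails when the child exited non-zero; $? holds its status.
    close $ipt_fh
        or die "@IPTABLES_CMD failed with exit status " . ($? >> 8) . "\n";
    chomp @iptables_output;

    # reverse: highest rule number first within each chain (see header comment)
    for my $log_rule (reverse find_log_rules(@iptables_output)) {
        my ($chain_name, $rule_num) = @{$log_rule};
        print "found a log line for $chain_name, delete it with:\n",
              "\tiptables --delete $chain_name $rule_num\n";
    }
    return;
}

run() unless caller;    # run as a script; `require` it to reuse find_log_rules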
######### END perl script #######
# A couple of bash helper functions:
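# Show the rules of one chain (or of every chain when no name is given),
# numbered so the output can be fed to `iptables --delete CHAIN NUM`.
# Any further arguments are passed through to iptables unchanged.
iptshow () {
    iptables -L "$@" --line-numbers
}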
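# Open /etc/sysconfig/iptables in $EDITOR when it is set, otherwise in vi.
iptedit () {
    "${EDITOR:-vi}" /etc/sysconfig/iptables
}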