iptables - programmatically examine dropped IPs?

inetquestion
DD-WRT User


Joined: 24 Sep 2015
Posts: 67

Posted: Fri Oct 21, 2022 21:26    Post subject: iptables - programmatically examine dropped IPs?
Existing process creates a logdrop entry for offending IPs in iptables. Would like to see how often blocked IPs get dropped afterward.

Looked in /var/log/messages and see nothing related to dropped attempts. In the security tab, see blocked entries in the incoming log. How do I programmatically get access to which hosts have been blocked/rejected/dropped?

Fiddled with the logging options and nothing I've done makes these entries show up in /var/log/messages... Also scanned the entire router (find/exec/grep) looking for these in a file.. nothing. Please help.

TIA
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1857
Location: Hung Hom, Hong Kong

Posted: Sat Oct 22, 2022 4:27    Post subject: Re: iptables - programmatically examine dropped IPs?
inetquestion wrote:
Looked in /var/log/messages and see nothing related to dropped attempts. In the security tab, see blocked entries in the incoming log. How do I programmatically get access to which hosts have been blocked/rejected/dropped?

Fiddled with the logging options and nothing I've done makes these entries show up in /var/log/messages... Also scanned the entire router (find/exec/grep) looking for these in a file.. nothing. Please help.

Go to Security->Firewall->Log Management and set options! Need at least {Medium} level.

Also make sure that you enabled logging in Services->Services->System Log.

Might need to reboot router.

Post screenshots of these 2 sections in the WEBUI IF you still cannot fix this problem afterwards.

Code:
~# grep -i drop /var/log/messages

Oct 22 12:33:40 rt-n18u kern.warn kernel: [ 3940.302062] DROP IN=vlan2 OUT= MAC=38:2c:4a:65:09:f9:74:1f:4a:33:8b:8d:08:00:45:00:00:28 SRC=72.167.32.184 DST=110.235.6.9 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=5122 PROTO=TCP SPT=44951 DPT=3389 SEQ=717299510 ACK=0 WINDOW=1024
Oct 22 12:33:40 rt-n18u kern.warn kernel: [ 3941.115875] DROP IN=br0 OUT=vlan2 MAC=38:2c:4a:65:09:f8:e0:d5:5e:b1:05:9a:08:00 SRC=192.168.1.123 DST=23.198.117.71 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37033 DF PROTO=TCP SPT=51081 DPT=443 SEQ=3494782615 AC
=71401376 WINDOW=
Oct 22 12:33:40 rt-n18u kern.warn kernel: [ 3941.138278] DROP IN=br0 OUT=vlan2 MAC=38:2c:4a:65:09:f8:e0:d5:5e:b1:05:9a:08:00 SRC=192.168.1.123 DST=23.198.117.71 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37034 DF PROTO=TCP SPT=51082 DPT=443 SEQ=3936103190 AC
=88357969 WINDOW=
.....


_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw