Posted: Fri Oct 21, 2022 21:26 Post subject: iptables - programmatically examine dropped IPs?
Existing process creates a logdrop entry for offending IPs in iptables. Would like to see how often blocked IPs get dropped afterward.
Looked in /var/log/messages and see nothing related to dropped attempts. In the security tab, see blocked entries in the incoming log. How do I programmatically get access to which hosts have been blocked/rejected/dropped?
Fiddled with the logging options and nothing I've done makes these entries show up in /var/log/messages... Also scanned the entire router (find/exec/grep) looking for these in a file.. nothing. Please help.
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Sat Oct 22, 2022 4:27 Post subject: Re: iptables - programmatically examine dropped IPs?
inetquestion wrote:
Looked in /var/log/messages and see nothing related to dropped attempts. In the security tab, see blocked entries in the incoming log. How do I programmatically get access to which hosts have been blocked/rejected/dropped?
Fiddled with the logging options and nothing I've done makes these entries show up in /var/log/messages... Also scanned the entire router (find/exec/grep) looking for these in a file.. nothing. Please help.
Go to Security->Firewall->Log Management and set options! Need at least {Medium} level.
Also make sure that you enabled logging in Services->Services->System Log.
Might need to reboot router.
Post screenshots of these 2 sections in the WEBUI IF you still cannot fix this problem afterwards.
Code:
~# grep -i drop /var/log/messages
Oct 22 12:33:40 rt-n18u kern.warn kernel: [ 3940.302062] DROP IN=vlan2 OUT= MAC=38:2c:4a:65:09:f9:74:1f:4a:33:8b:8d:08:00:45:00:00:28 SRC=72.167.32.184 DST=110.235.6.9 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=5122 PROTO=TCP SPT=44951 DPT=3389 SEQ=717299510 ACK=0 WINDOW=1024
Oct 22 12:33:40 rt-n18u kern.warn kernel: [ 3941.115875] DROP IN=br0 OUT=vlan2 MAC=38:2c:4a:65:09:f8:e0:d5:5e:b1:05:9a:08:00 SRC=192.168.1.123 DST=23.198.117.71 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37033 DF PROTO=TCP SPT=51081 DPT=443 SEQ=3494782615 AC
=71401376 WINDOW=
Oct 22 12:33:40 rt-n18u kern.warn kernel: [ 3941.138278] DROP IN=br0 OUT=vlan2 MAC=38:2c:4a:65:09:f8:e0:d5:5e:b1:05:9a:08:00 SRC=192.168.1.123 DST=23.198.117.71 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37034 DF PROTO=TCP SPT=51082 DPT=443 SEQ=3936103190 AC
=88357969 WINDOW=
.....
_________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
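Once the kernel DROP lines land in /var/log/messages as in the reply above, the "programmatic" part is just parsing the SRC= field. The script below is an added example, not code from the thread or from DD-WRT: it counts DROP lines per source address and looks up a single address, using only BusyBox-compatible awk/sort so it runs on the router itself. The sample log lines are constructed (RFC 5737 documentation addresses, not real traffic), and the script assumes the rule was logged with the default "DROP" prefix; if your logdrop rule uses a different --log-prefix, change the / DROP / pattern accordingly.

```shell
#!/bin/sh
# Added example: summarise iptables DROP entries from the kernel log.
# Assumption: log lines look like the ones in the reply above, i.e.
#   ... kernel: [ ...] DROP IN=... SRC=<ip> DST=<ip> ... DPT=<port> ...

# count_drops <logfile>
# Prints "<count> <SRC address>" for every source seen in a DROP line,
# most frequent first. BusyBox awk has no sort, so sort(1) does the ordering.
count_drops() {
    awk '/ DROP / {
            for (i = 1; i <= NF; i++)
                if (substr($i, 1, 4) == "SRC=") { n[substr($i, 5)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# drops_for_ip <logfile> <ip>
# Prints how many DROP lines name that exact source address (exact token
# match, so 203.0.113.5 does not also count 203.0.113.50).
drops_for_ip() {
    awk -v ip="$2" '/ DROP / {
            for (i = 1; i <= NF; i++)
                if ($i == "SRC=" ip) { c++; break }
         }
         END { print c + 0 }' "$1"
}

# Constructed sample log (not captured from a real router) so the script
# can be tried offline. On the router, point the functions at /var/log/messages.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Oct 22 12:33:40 rt-n18u kern.warn kernel: [ 3940.302062] DROP IN=vlan2 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=5122 PROTO=TCP SPT=44951 DPT=3389 SEQ=717299510 ACK=0 WINDOW=1024
Oct 22 12:33:41 rt-n18u kern.warn kernel: [ 3941.002010] DROP IN=vlan2 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=5123 PROTO=TCP SPT=44952 DPT=22 SEQ=717299511 ACK=0 WINDOW=1024
Oct 22 12:33:42 rt-n18u kern.info kernel: [ 3941.050000] br0: port 1(eth1) entered forwarding state
Oct 22 12:33:42 rt-n18u kern.warn kernel: [ 3941.115875] DROP IN=vlan2 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=9001 PROTO=TCP SPT=51081 DPT=23 SEQ=3494782615 ACK=0 WINDOW=1024
Oct 22 12:33:43 rt-n18u kern.warn kernel: [ 3941.138278] DROP IN=vlan2 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=5124 PROTO=TCP SPT=44953 DPT=23 SEQ=717299512 ACK=0 WINDOW=1024
Oct 22 12:33:44 rt-n18u kern.warn kernel: [ 3941.201000] DROP IN=vlan2 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=9002 PROTO=TCP SPT=51082 DPT=445 SEQ=3494782616 ACK=0 WINDOW=1024
Oct 22 12:33:45 rt-n18u kern.warn kernel: [ 3941.300000] DROP IN=br0 OUT=vlan2 MAC=00:00:5e:00:53:03:00:00:5e:00:53:04:08:00 SRC=192.168.1.123 DST=192.0.2.50 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37033 DF PROTO=TCP SPT=51083 DPT=443 SEQ=3936103190 ACK=0 WINDOW=0
EOF

echo "Drops per source address:"
count_drops "$SAMPLE_LOG"
echo "Drops from 198.51.100.7: $(drops_for_ip "$SAMPLE_LOG" 198.51.100.7)"
```

On the router, `count_drops /var/log/messages` gives the per-host tally the original question asks for, and the IN=/OUT= fields distinguish inbound drops (IN=vlan2) from LAN clients blocked on the way out (IN=br0 OUT=vlan2), so filtering on those is a one-line change to the awk pattern. Remember that the log is rate-limited by the firewall's log level setting and is lost on reboot unless remote syslog is configured, so the counts are a lower bound, not a complete record.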