CCNA HUB

CCNA and Linux Training Hub!

Redirecting IPtables Firewall Logging Location

By Imad Daou Leave a Comment


Building Professional Web Hosting Solution
<< Securing and Protecting Linux System Course
>> Linux Hardening Rules and IPtables Firewall Section

section table
  1. Preparing Linux Script Startup Environment
  2. Applying Linux Kernel Hardening Rules
  3. Applying System and Network Tuneup Rules
  4. Implementing Stateful Firewall Using IPtables
  5. Redirecting IPtables Firewall Logging Location
  6. Testing IPtables using Nmap Scanning Tool
  7. Logging and Trapping Port Scanning Tools

Syslog and messages collect every kind of system event, so firewall log lines end up buried among unrelated messages. Giving IPtables its own log file is the better option. Redirecting the log output and making the rules persistent are the last two pieces of the IPtables setup. The rsyslog rules below move IPtables logging from /var/log/syslog (Debian based) or /var/log/messages (Red Hat based) to its own file at /var/log/iptables.log.

Objectives:

1. Redirecting IPtables Logging Location

2. Debian Based – IPtables Rules Persistent

3. Red Hat Based – IPtables Rules Persistent

4. Disallow Pinging your VPS from Outside

Prerequisites:

A. Basic Debian or Red Hat System Knowledge

B. Login to your DigitalOcean or Vultr Account

Recommendations:

For better performance, use a VPS with at least 2 CPUs, 4 GB of memory, a 1 Gbit/s network link, and SSD storage.

Table of Contents

  • Redirecting IPtables Logging Location
  • Debian Based – IPtables Rules Persistent
  • Red Hat Based – IPtables Rules Persistent
  • Disallow Pinging your VPS from Outside

Redirecting IPtables Logging Location

Run the following steps (1 to 6)

By default IPtables log lines land in kern.log, syslog, or messages, mixed with everything else the kernel reports. I recommend giving them their own log file.

1. Create 10-iptables.conf under /etc/rsyslog.d/

nano /etc/rsyslog.d/10-iptables.conf

The numeric prefix matters. rsyslog reads /etc/rsyslog.d/*.conf in lexical order, and on Ubuntu the stock rules live in /etc/rsyslog.d/50-default.conf. A file named iptables.conf sorts after 50-default.conf, so its "stop" would run too late and every firewall line would still be copied into syslog and kern.log. 10-iptables.conf sorts first. On Debian and CentOS the include happens before the main rules in /etc/rsyslog.conf, so either name works there, but the prefix does no harm.

Copy and paste the log settings below inside 10-iptables.conf

# IPtables LOGGING RULES #
# The firewall script logs at level 7 (debug) and uses a --log-prefix
# that contains "IPT " (IPv4) or "IP6 " (IPv6).

# Write matching messages to iptables.log (the leading "-" means buffered
# writes, no sync per line), then "& stop" discards them so the same line
# does not also land in syslog, messages, or kern.log.
:msg,contains,"IPT " -/var/log/iptables.log
& stop
:msg,contains,"IP6 " -/var/log/iptables.log
& stop

# Any other kernel message at debug level goes to the same file and stops there
kern.=debug             -/var/log/iptables.log
& stop

Note: "& stop" applies the stop action to the selector on the line just above it, so each filter writes the line and then discards it. With older versions of rsyslog you may have to replace the word stop with the ~ character; on newer versions of Debian, Ubuntu and CentOS the ~ character as a stop indicator has been deprecated and causes warning messages when (re)starting the rsyslog service. I am using the stop value instead of the ~ character.

Save: Ctrl-X, Hit Y Key, and Enter

2. Create a log rotate iptables file under /etc/logrotate.d/

nano /etc/logrotate.d/iptables

Copy and paste the following into the iptables file (no shebang line: this is a logrotate configuration, not a shell script)

/var/log/iptables.log
{
    rotate 10
    monthly
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
        # make rsyslog reopen its log file, otherwise it keeps writing to the
        # rotated inode; invoke-rc.d exists on Debian/Ubuntu only, the kill -HUP
        # form is what Red Hat's own /etc/logrotate.d/syslog uses
        invoke-rc.d rsyslog reload >/dev/null 2>&1 || /bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
    endscript
}

Save: Ctrl-X, Hit Y Key, and Enter

3. Restart Rsyslog Service

service rsyslog restart

Verify the IPtables Log Location

Note: If you don't see iptables.log yet, wait a few minutes until IPtables generates some logging. Opening another SSH session is enough to trigger a few log lines. You should then see iptables.log among the files under /var/log:

4. View logging location

ls -lah /var/log/ | grep iptables

The log file should have been created as shown below.

[...]
-rw-r-----  1 root   adm     0 Mar  9 21:34 iptables.log
[...]

5. Run the Log Rotation Manually

Log rotation happens automatically, but for testing you can run it by hand. Wait a few more minutes first so there is something in the file to rotate.

logrotate -vf /etc/logrotate.d/iptables

Optional – To rotate all log files, run the following command.

logrotate -vf /etc/logrotate.conf

6. View IPtables Logs Again

ls -lah /var/log/ | grep iptables
[...]
-rw-r-----  1 root   adm  2.7K Mar 10 09:43 iptables.log
-rw-r-----  1 root   adm  415K Mar 10 09:43 iptables.log.1
[...]

As you probably noticed, the .1 suffix shows that the file has been rotated and a fresh iptables.log created. With the settings in /etc/logrotate.d/iptables the file is rotated monthly, ten old copies are kept (compressed from the second rotation on, because of delaycompress), and anything older is deleted.
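Once the firewall lines live in their own file, the natural next step is to parse them. The Python below is an added example, not part of the original page or of the course's own scripts: it reads lines in the shape rsyslog writes them, keeps only those whose message carries the "IPT " or "IP6 " prefix, splits the kernel's KEY=VALUE fields, and reports the noisiest sources and any source that hit several distinct ports (the pattern sections 6 and 7 of the course deal with). The sample lines are constructed; the text after the prefix ("INPUT DROP:") and the hostname "vps" are assumptions, since the page only says the prefix contains "IPT " or "IP6 ".

```python
import re
from collections import Counter, defaultdict

# Constructed sample of /var/log/iptables.log as rsyslog writes it. Only the
# "IPT "/"IP6 " prefix is known from the page; "INPUT DROP:" and "vps" are
# assumed. The "usb" line stands in for an unrelated kern.=debug message.
SAMPLE_LOG = """\
Mar 10 09:43:01 vps kernel: [ 812.301] IPT INPUT DROP: IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 09:43:01 vps kernel: [ 812.302] IPT INPUT DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=44 PROTO=TCP SPT=40002 DPT=23 SYN URGP=0
Mar 10 09:43:02 vps kernel: [ 813.010] IPT INPUT DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=44 PROTO=TCP SPT=40003 DPT=3389 SYN URGP=0
Mar 10 09:43:02 vps kernel: [ 813.011] IPT INPUT DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=44 PROTO=TCP SPT=40004 DPT=445 SYN URGP=0
Mar 10 09:43:05 vps kernel: [ 816.400] IPT INPUT DROP: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 LEN=60 PROTO=UDP SPT=53413 DPT=53413 LEN=40
Mar 10 09:43:07 vps kernel: [ 818.120] IP6 INPUT DROP: IN=eth0 OUT= SRC=2001:db8::1 DST=2001:db8::7 LEN=80 PROTO=TCP SPT=55000 DPT=22 SYN URGP=0
Mar 10 09:43:09 vps kernel: [ 820.500] IPT INPUT DROP: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Mar 10 09:43:10 vps kernel: [ 821.000] usb 1-1: new full-speed USB device
"""

# syslog timestamp, host, "kernel:", optional "[uptime]", then the prefix
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[\s*[\d.]+\]\s*)?(?P<prefix>IPT|IP6) (?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a record for one firewall log line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    first_kv = re.search(r"\b\w+=", rest)
    start = first_kv.start() if first_kv else len(rest)
    # Text between the prefix and the first KEY= is the chain/verdict label.
    label = rest[:start].strip().rstrip(":")
    # dict() keeps the last value of a repeated key, so for UDP the second
    # LEN= (datagram length) wins over the first (IP length).
    fields = dict(KV_RE.findall(rest[start:]))
    return {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "family": "ipv4" if m.group("prefix") == "IPT" else "ipv6",
        "label": label,
        "fields": fields,
    }


def parse_log(text):
    """Parse a whole log file, silently skipping non-firewall lines."""
    records = (parse_line(line) for line in text.splitlines())
    return [r for r in records if r is not None]


def top_sources(records, n=5):
    """Most frequently logged source addresses, as (SRC, count) pairs."""
    counts = Counter(r["fields"]["SRC"] for r in records if "SRC" in r["fields"])
    return counts.most_common(n)


def scan_suspects(records, min_ports=3):
    """Sources that hit at least min_ports distinct TCP/UDP destination ports."""
    ports = defaultdict(set)
    for r in records:
        f = r["fields"]
        if f.get("PROTO") in ("TCP", "UDP") and "SRC" in f and "DPT" in f:
            ports[f["SRC"]].add(int(f["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} firewall lines parsed")
    for src, count in top_sources(recs):
        print(f"{count:4d}  {src}")
    for src, hit in scan_suspects(recs).items():
        print(f"possible port scan from {src}: ports {hit}")
```

Run it against the real file with `parse_log(open("/var/log/iptables.log").read())`. The scan threshold is deliberately low so that a handful of distinct ports from one address stands out; raise min_ports on a busy host, and remember that the limit match on the LOG rule caps how many lines per second ever reach the file.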

Debian Based – IPtables Rules Persistent

WARNING!!! As of this writing and testing on DigitalOcean, restoring the persistent IPtables rules at startup disabled the public interface. There is a conflict somewhere. Running only the IPtables script at startup works fine, and you do not need the persistent rules shown below.

Note: Step 3 below, which restores the rules at startup, is disabled by default (its commands are commented out). You can still set up steps 1 and 2 so that the current rules are saved to a file whenever the interface goes down, including at reboot.

Run the following steps (1 to 4)

1. Create IPtables Save File

nano /etc/network/if-post-down.d/iptables

Paste the following:

#!/bin/bash
# IPtables Save Rules
iptables-save > /etc/network/iptables.rules
ip6tables-save > /etc/network/ip6tables.rules

Save: Ctrl-X, Hit Y Key, and Enter

2. Apply Execution Permission

chmod +x /etc/network/if-post-down.d/iptables

3. Create IPtables Restore File

nano /etc/network/if-up.d/iptables

Paste the following:

#!/bin/bash
# IPtables Restore Rules
#iptables-restore < /etc/network/iptables.rules
#ip6tables-restore < /etc/network/ip6tables.rules

Save: Ctrl-X, Hit Y Key, and Enter

When the VPS restarts (or any interface goes down), the hook from step 1 saves the IPv4 and IPv6 rules under /etc/network as iptables.rules and ip6tables.rules. The hook from step 3 would restore them when the interface comes back up, once its two restore lines are uncommented.

4. Apply Execution Permission

chmod +x /etc/network/if-up.d/iptables

Red Hat Based – IPtables Rules Persistent

These steps are optional, since the IPtables script already runs at startup. Note that "service iptables save" is the CentOS 6 way; on CentOS/RHEL 7 the iptables and ip6tables services come from the iptables-services package, which has to be installed (and firewalld disabled) before these commands exist. If you still want IPtables rules persistent, here are the steps.

Run the following steps (1 to 5)

1. Save IPtables Firewall Rules

/sbin/service iptables save

You should see the following output:

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

2. Save IP6tables Firewall Rules

/sbin/service ip6tables save

You should see the following output:

ip6tables: Saving firewall rules to /etc/sysconfig/ip6table[  OK  ]

3. Verify IPtables Saving

IPtables should be saved under /etc/sysconfig/ folder

cat  /etc/sysconfig/iptables

And

cat /etc/sysconfig/ip6tables

4. Edit IPtables Script

nano /etc/network/iptables/iptfw4and6-single-node.sh

Add the following IPtables saving commands at the end of the IPtables Script right before “exit 0”.

# IPtables Saving Commands
/sbin/service iptables save

# IP6tables Saving Commands
/sbin/service ip6tables save

exit 0

5. Reapply IPtables Script

/etc/network/iptables/iptfw4and6-single-node.sh

You will notice the saving output at the end.

[...]
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
ip6tables: Saving firewall rules to /etc/sysconfig/ip6table[  OK  ]
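Whichever distribution you are on, the file written by iptables-save (/etc/network/iptables.rules in the Debian steps, /etc/sysconfig/iptables here) is what iptables-restore is fed at boot, and a bad file is how you lock yourself out of SSH on a VPS. The Python below is an added example, not part of the page or of the course scripts: it parses the iptables-save format (table header, chain policies, -A rules, COMMIT) and flags the mistakes that bite at boot: a missing COMMIT, an INPUT chain with DROP policy but no ESTABLISHED/RELATED accept, no accept for the SSH port, or no LOG rule to feed /var/log/iptables.log. Both dumps are constructed; the rule wording, comments and the "IPT INPUT DROP: " prefix are assumptions. On the host itself, iptables-restore --test (on reasonably recent iptables) does the syntax check; this script adds the policy checks.

```python
# Constructed iptables-save output in the shape the page's firewall produces.
# Rule text, comments and the log prefix are assumptions, not the course's own.
GOOD_DUMP = """\
# Generated by iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m comment --comment "Accept SSH." -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT INPUT DROP: " --log-level 7
COMMIT
# Completed
"""

# The same ruleset with the mistakes that lock you out at boot: no accept for
# established traffic, no SSH accept, and the COMMIT line is missing.
BAD_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT INPUT DROP: " --log-level 7
"""


def parse_save(text):
    """Parse iptables-save format into {table: {policies, rules, committed}}."""
    tables = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                       # "*filter": new table block
            current = {"policies": {}, "rules": [], "committed": False}
            tables[line[1:]] = current
        elif current is None:
            raise ValueError(f"rule outside a table block: {line}")
        elif line.startswith(":"):                     # ":INPUT DROP [0:0]"
            chain, policy, _counters = line[1:].split(" ", 2)
            current["policies"][chain] = policy        # "-" for user-defined chains
        elif line == "COMMIT":
            current["committed"] = True
        else:
            current["rules"].append(line)
    return tables


def lint_rules(tables, ssh_port=22):
    """Return a list of findings; an empty list means the file looks safe to restore."""
    findings = []
    for name, t in tables.items():
        if not t["committed"]:
            findings.append(f"table {name}: missing COMMIT, iptables-restore rejects the block")
    flt = tables.get("filter")
    if flt is None:
        findings.append("no *filter table: restoring leaves the default ACCEPT policies")
        return findings
    inp = [r for r in flt["rules"] if r.startswith("-A INPUT ")]
    if flt["policies"].get("INPUT") == "DROP":
        # String matching is deliberately simple: it covers both -m state and
        # -m conntrack spellings, but not multiport or ipset based rules.
        if not any("ESTABLISHED" in r and "-j ACCEPT" in r for r in inp):
            findings.append("INPUT DROP without an ESTABLISHED/RELATED accept: replies to the server's own connections are dropped")
        if not any(f"--dport {ssh_port} " in r and "-j ACCEPT" in r for r in inp):
            findings.append(f"INPUT DROP without an ACCEPT for tcp/{ssh_port}: restoring this at boot locks SSH out")
        if not any("-j LOG" in r for r in inp):
            findings.append("INPUT DROP without a LOG rule: nothing reaches /var/log/iptables.log")
    return findings


def check_dump(text, ssh_port=22):
    """Parse and lint one iptables-save file's contents."""
    return lint_rules(parse_save(text), ssh_port)


if __name__ == "__main__":
    for name, dump in (("good", GOOD_DUMP), ("bad", BAD_DUMP)):
        problems = check_dump(dump)
        print(f"{name}: {'OK' if not problems else ''}")
        for p in problems:
            print("  -", p)
```

A sensible place to call this is right after the save hook writes the file, before the restore hook is ever enabled: `check_dump(open("/etc/sysconfig/iptables").read())` (or the /etc/network path) returning anything other than an empty list is a reason not to restore that file at boot.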

Disallow Pinging your VPS from Outside

There are 2 methods to disallow pinging your VPS:

  • IPtables Rules
  • Kernel Rules

A. Disallow Pinging using IPtables Rules

Run the following steps (1 to 2)

1. Edit IPtables Firewall Script

nano /etc/network/iptables/iptfw4and6-single-node.sh

Ctrl-w and search for “Authorize Pinging“, don’t copy the quotes.

To disallow pinging at the public interface, comment the following lines as shown below:

# Authorize Pinging with Limit Protection

# Allow Incoming pinging through Public Interface
#$IPT -A INPUT -i $PUB_IF -p icmp --icmp-type echo-request -m limit --limit 1/s -m comment --comment "Accept ICMP echo." -j ACCEPT
#$IP6 -A INPUT -i $PUB_IF -p ipv6-icmp --icmpv6-type echo-request -m limit --limit 1/s -m comment --comment "Accept ICMP echo." -j ACCEPT

Save: Ctrl-X, Hit Y Key, and Enter

2. Reapply IPtables Firewall Script

/etc/network/iptables/iptfw4and6-single-node.sh

B. Disallow Pinging using Kernel Rules

Note: With IPtables you disable pinging on one interface only, such as the public interface, while the kernel rule disables incoming ping on every interface. For a single VPS that is fine. With multiple VPS instances on a private network, use IPtables instead so that only the public interface stops answering and the private side can still be pinged.

Run the following steps (1 to 2)

1. Edit Kernel Rules Script

nano /etc/network/iptables/kernel-hardening-rules.sh

Press Ctrl-w and search for Ping. Set the value to 1 as shown below (1 tells the kernel to ignore all ICMP echo requests):

# Disable Globally Ping Response from Public or Private Networks.
$SYSCTL net.ipv4.icmp_echo_ignore_all=1

Save: Ctrl-X, Hit Y Key, and Enter

2. Re-apply Kernel Rules

/etc/network/iptables/kernel-hardening-rules.sh

Allow Pinging Again

Note: Remember the following when dealing with this kernel rule:

0 (zero)  -> Rule Disabled / OFF (the kernel answers ping)
1 (one)   -> Rule Enabled / ON (the kernel ignores all ICMP echo requests)

Edit kernel-hardening-rules.sh again and flip 1 to 0:

# Disable Globally Ping Response from Public or Private Networks.
$SYSCTL net.ipv4.icmp_echo_ignore_all=0

Then apply only this specific kernel rule:

sysctl net.ipv4.icmp_echo_ignore_all=0

References: Linux IPtables Firewall (Arch) | Debian IPtables Firewall | CentOS IPtables Firewall


Filed Under: Linux, Linux Hardening Rules and IPtables Firewall Tagged With: Linux Security, IPtables Firewall

About Imad Daou

CCNA HUB Founder, Imad has been in IT field since 2007. Currently holding A+, Network+, Server+, Security+, and Storage+. HP, Dell, and IBM Hardware Certified. Pursuing Linux+, LPIC-2, RHCSA, RHCE, AWS, CCNA, and JNCIA.

Copyright © 2022 · Genesis Sample Theme - Genesis Framework by StudioPress - WordPress
