How to see what port was blocked in iptables log file?

Multi tool use
Multi tool use

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:



 #!/bin/bash



iptables -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -N accept-input

iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
iptables -A accept-input -j ACCEPT


iptables -N drop-input

iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
iptables -A drop-input -j DROP

iptables -N accept-output

iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
iptables -A accept-output -j ACCEPT

iptables -N drop-output

iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
iptables -A drop-output -j ACCEPT

iptables -A INPUT -j drop-input
iptables -A OUTPUT -j drop-output


and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.






iptables







share|improve this question

























    up vote
    2
    down vote

    favorite












    I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:



     #!/bin/bash



    iptables -F

    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    iptables -N accept-input

    iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
    iptables -A accept-input -j ACCEPT


    iptables -N drop-input

    iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
    iptables -A drop-input -j DROP

    iptables -N accept-output

    iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
    iptables -A accept-output -j ACCEPT

    iptables -N drop-output

    iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
    iptables -A drop-output -j ACCEPT

    iptables -A INPUT -j drop-input
    iptables -A OUTPUT -j drop-output


    and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.






    iptables







    share|improve this question























      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:



       #!/bin/bash



      iptables -F

      iptables -P INPUT DROP
      iptables -P OUTPUT DROP
      iptables -P FORWARD DROP

      iptables -N accept-input

      iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
      iptables -A accept-input -j ACCEPT


      iptables -N drop-input

      iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
      iptables -A drop-input -j DROP

      iptables -N accept-output

      iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
      iptables -A accept-output -j ACCEPT

      iptables -N drop-output

      iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
      iptables -A drop-output -j ACCEPT

      iptables -A INPUT -j drop-input
      iptables -A OUTPUT -j drop-output


      and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.






      iptables







      share|improve this question













      I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:



       #!/bin/bash



      iptables -F

      iptables -P INPUT DROP
      iptables -P OUTPUT DROP
      iptables -P FORWARD DROP

      iptables -N accept-input

      iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
      iptables -A accept-input -j ACCEPT


      iptables -N drop-input

      iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
      iptables -A drop-input -j DROP

      iptables -N accept-output

      iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
      iptables -A accept-output -j ACCEPT

      iptables -N drop-output

      iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
      iptables -A drop-output -j ACCEPT

      iptables -A INPUT -j drop-input
      iptables -A OUTPUT -j drop-output


      and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.






      iptables




      iptables






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 5 '16 at 3:04









      Muhammad Abbas

      113




      113




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          grep DROPPED /var/log/kern.log


          or



          dmesg|grep DROPPED





          share|improve this answer




















          • thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
            – Muhammad Abbas
            Nov 5 '16 at 3:10










          • kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
            – Ipor Sircer
            Nov 5 '16 at 3:22










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f321210%2fhow-to-see-what-port-was-blocked-in-iptables-log-file%23new-answer', 'question_page');

          );

          Post as a guest

















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          grep DROPPED /var/log/kern.log


          or



          dmesg|grep DROPPED





          share|improve this answer




















          • thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
            – Muhammad Abbas
            Nov 5 '16 at 3:10










          • kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
            – Ipor Sircer
            Nov 5 '16 at 3:22














          up vote
          0
          down vote













          grep DROPPED /var/log/kern.log


          or



          dmesg|grep DROPPED





          share|improve this answer




















          • thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
            – Muhammad Abbas
            Nov 5 '16 at 3:10










          • kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
            – Ipor Sircer
            Nov 5 '16 at 3:22












          up vote
          0
          down vote










          up vote
          0
          down vote









          grep DROPPED /var/log/kern.log


          or



          dmesg|grep DROPPED





          share|improve this answer












          grep DROPPED /var/log/kern.log


          or



          dmesg|grep DROPPED






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 5 '16 at 3:07









          Ipor Sircer

          9,3161920




          9,3161920











          • thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
            – Muhammad Abbas
            Nov 5 '16 at 3:10










          • kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
            – Ipor Sircer
            Nov 5 '16 at 3:22
















          • thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
            – Muhammad Abbas
            Nov 5 '16 at 3:10










          • kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
            – Ipor Sircer
            Nov 5 '16 at 3:22















          thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
          – Muhammad Abbas
          Nov 5 '16 at 3:10




          thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
          – Muhammad Abbas
          Nov 5 '16 at 3:10












          kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
          – Ipor Sircer
          Nov 5 '16 at 3:22




          kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
          – Ipor Sircer
          Nov 5 '16 at 3:22

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f321210%2fhow-to-see-what-port-was-blocked-in-iptables-log-file%23new-answer', 'question_page');

          );

          Post as a guest
































































          Z97XQ,ONeHg uO,eYh PRsQHdw8bjeuwz8NAlLT39beaQuvSu,8fcB4ukRCYN 3iE3vow RGmd r0kANpOZSa
          -
          eOVtT4dy 5AUtRpd3iU

          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this questi...
          Read more

          How many registers does an x86_64 CPU actually have?

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite I am currently learning reverse engineering and am studying the flags register. I had in my mind that rflags was just another name for one of the 16 general purpose registers, for example rax or rbx . But it looks like rflags is actually an additional register. So that makes 17 registers in total... how many more could there be? I have spent at least an hour on this and found numerous different answers. The best answer so far is this, which says that there are 40 registers in total. 16 General Purpose Registers 2 Status Registers 6 Code Segment Registers 16 SSE Registers 8 FPU/MMX Registers But if I add that up, I get 48. Could anybody provide an official answer on how many registers an x86_64 CPU has (e.g. an Intel i7). Additionally, I have seen references to 'hardware' and 'architectural' registers. What are those registers and how many are there? register x86-64 share | improve this...
          Read more

          Displaying single band from multi-band raster using QGIS

          Image
          Clash Royale CLAN TAG #URR8PPP 1 How can I extract a single band from multi-band raster in QGIS? I have an remote sensed image which has 6 bands (including NDVI band), I want to display each band separately, but have no idea how to do. I have seen some questions similar here but none worked for me. The original image (has 6 bands) is: I want to display the band 6 which should be like this: But I tried gdal_translate, and couldn't get the correct result. What I have got is: qgis raster multi-band share | improve this question edited Mar 5 at 0:53 Summer asked Mar 4 at 6:42 Summer Summer 23 6 Is this any help gis.stackexchange.com/questions/220658/… ? if not gis.stackexchange.com/questions/62133/… might help. – Michael Stimson Mar 4 at 6:46 Thanks for answering but when I used gdal_translate, qgis showed that 'Error 4: Kayena.tif: No such file or directory". Would you know how to fi...
          Read more