How to see what port was blocked in iptables log file?
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:
#!/bin/bash
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -N accept-input
iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
iptables -A accept-input -j ACCEPT
iptables -N drop-input
iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
iptables -A drop-input -j DROP
iptables -N accept-output
iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
iptables -A accept-output -j ACCEPT
iptables -N drop-output
iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
iptables -A drop-output -j ACCEPT
iptables -A INPUT -j drop-input
iptables -A OUTPUT -j drop-output
and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.
iptables
asked Nov 5 '16 at 3:04
Muhammad Abbas
113
add a comment |Â
up vote
2
down vote
favorite
I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:
#!/bin/bash
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -N accept-input
iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
iptables -A accept-input -j ACCEPT
iptables -N drop-input
iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
iptables -A drop-input -j DROP
iptables -N accept-output
iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
iptables -A accept-output -j ACCEPT
iptables -N drop-output
iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
iptables -A drop-output -j ACCEPT
iptables -A INPUT -j drop-input
iptables -A OUTPUT -j drop-output
and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.
iptables
asked Nov 5 '16 at 3:04
Muhammad Abbas
113
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:
#!/bin/bash
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -N accept-input
iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
iptables -A accept-input -j ACCEPT
iptables -N drop-input
iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
iptables -A drop-input -j DROP
iptables -N accept-output
iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
iptables -A accept-output -j ACCEPT
iptables -N drop-output
iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
iptables -A drop-output -j ACCEPT
iptables -A INPUT -j drop-input
iptables -A OUTPUT -j drop-output
and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.
iptables
asked Nov 5 '16 at 3:04
Muhammad Abbas
113
I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:
#!/bin/bash
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -N accept-input
iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
iptables -A accept-input -j ACCEPT
iptables -N drop-input
iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
iptables -A drop-input -j DROP
iptables -N accept-output
iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
iptables -A accept-output -j ACCEPT
iptables -N drop-output
iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
iptables -A drop-output -j ACCEPT
iptables -A INPUT -j drop-input
iptables -A OUTPUT -j drop-output
and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.
iptables
iptables
asked Nov 5 '16 at 3:04
Muhammad Abbas
113
asked Nov 5 '16 at 3:04
Muhammad Abbas
113
asked Nov 5 '16 at 3:04
Muhammad Abbas
113
asked Nov 5 '16 at 3:04
Muhammad Abbas
113
asked Nov 5 '16 at 3:04
Muhammad Abbas
113
113
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
grep DROPPED /var/log/kern.log
or
dmesg|grep DROPPED
answered Nov 5 '16 at 3:07
Ipor Sircer
9,3161920
thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
– Muhammad Abbas
Nov 5 '16 at 3:10
kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
– Ipor Sircer
Nov 5 '16 at 3:22
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
grep DROPPED /var/log/kern.log
or
dmesg|grep DROPPED
answered Nov 5 '16 at 3:07
Ipor Sircer
9,3161920
thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
– Muhammad Abbas
Nov 5 '16 at 3:10
kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
– Ipor Sircer
Nov 5 '16 at 3:22
add a comment |Â
up vote
0
down vote
grep DROPPED /var/log/kern.log
or
dmesg|grep DROPPED
answered Nov 5 '16 at 3:07
Ipor Sircer
9,3161920
thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
– Muhammad Abbas
Nov 5 '16 at 3:10
kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
– Ipor Sircer
Nov 5 '16 at 3:22
add a comment |Â
up vote
0
down vote
up vote
0
down vote
grep DROPPED /var/log/kern.log
or
dmesg|grep DROPPED
answered Nov 5 '16 at 3:07
Ipor Sircer
9,3161920
grep DROPPED /var/log/kern.log
or
dmesg|grep DROPPED
answered Nov 5 '16 at 3:07
Ipor Sircer
9,3161920
answered Nov 5 '16 at 3:07
Ipor Sircer
9,3161920
answered Nov 5 '16 at 3:07
Ipor Sircer
9,3161920
answered Nov 5 '16 at 3:07
Ipor Sircer
9,3161920
9,3161920
thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
– Muhammad Abbas
Nov 5 '16 at 3:10
kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
– Ipor Sircer
Nov 5 '16 at 3:22
add a comment |Â
thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
– Muhammad Abbas
Nov 5 '16 at 3:10
kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
– Ipor Sircer
Nov 5 '16 at 3:22
thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
– Muhammad Abbas
Nov 5 '16 at 3:10
thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
– Muhammad Abbas
Nov 5 '16 at 3:10
kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
– Ipor Sircer
Nov 5 '16 at 3:22
kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
– Ipor Sircer
Nov 5 '16 at 3:22
add a comment |Â
Â
draft saved
draft discarded
Â
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f321210%2fhow-to-see-what-port-was-blocked-in-iptables-log-file%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
