How to see what port was blocked in iptables log file?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:



 #!/bin/bash



iptables -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -N accept-input

iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
iptables -A accept-input -j ACCEPT


iptables -N drop-input

iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
iptables -A drop-input -j DROP

iptables -N accept-output

iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
iptables -A accept-output -j ACCEPT

iptables -N drop-output

iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
iptables -A drop-output -j ACCEPT

iptables -A INPUT -j drop-input
iptables -A OUTPUT -j drop-output


and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.










share|improve this question

























    up vote
    2
    down vote

    favorite












    I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:



     #!/bin/bash



    iptables -F

    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    iptables -N accept-input

    iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
    iptables -A accept-input -j ACCEPT


    iptables -N drop-input

    iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
    iptables -A drop-input -j DROP

    iptables -N accept-output

    iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
    iptables -A accept-output -j ACCEPT

    iptables -N drop-output

    iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
    iptables -A drop-output -j ACCEPT

    iptables -A INPUT -j drop-input
    iptables -A OUTPUT -j drop-output


    and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.










    share|improve this question























      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:



       #!/bin/bash



      iptables -F

      iptables -P INPUT DROP
      iptables -P OUTPUT DROP
      iptables -P FORWARD DROP

      iptables -N accept-input

      iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
      iptables -A accept-input -j ACCEPT


      iptables -N drop-input

      iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
      iptables -A drop-input -j DROP

      iptables -N accept-output

      iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
      iptables -A accept-output -j ACCEPT

      iptables -N drop-output

      iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
      iptables -A drop-output -j ACCEPT

      iptables -A INPUT -j drop-input
      iptables -A OUTPUT -j drop-output


      and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.










      share|improve this question













      I have created few iptables rules and I have tested them. I created INPUT, OUTPUT chains using following code:



       #!/bin/bash



      iptables -F

      iptables -P INPUT DROP
      iptables -P OUTPUT DROP
      iptables -P FORWARD DROP

      iptables -N accept-input

      iptables -A accept-input -j LOG --log-prefix "INPUT-ACCEPTED "
      iptables -A accept-input -j ACCEPT


      iptables -N drop-input

      iptables -A drop-input -j LOG --log-prefix "INPUT-DROPPED "
      iptables -A drop-input -j DROP

      iptables -N accept-output

      iptables -A accept-output -j LOG --log-prefix "OUTPUT-ACCEPTED "
      iptables -A accept-output -j ACCEPT

      iptables -N drop-output

      iptables -A drop-output -j LOG --log-prefix "OUTPUT-DROPPED "
      iptables -A drop-output -j ACCEPT

      iptables -A INPUT -j drop-input
      iptables -A OUTPUT -j drop-output


      and I have added other rules to allow specific ports. I want to see the DROPPED packets. I am using port 9191 for IIS websites. I can't reach websites because it is being blocked. I am new with iptables, so I am not sure where to look for blocked packets.







      iptables






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 5 '16 at 3:04









      Muhammad Abbas

      113




      113




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          grep DROPPED /var/log/kern.log


          or



          dmesg|grep DROPPED





          share|improve this answer




















          • thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
            – Muhammad Abbas
            Nov 5 '16 at 3:10










          • kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
            – Ipor Sircer
            Nov 5 '16 at 3:22










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f321210%2fhow-to-see-what-port-was-blocked-in-iptables-log-file%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          grep DROPPED /var/log/kern.log


          or



          dmesg|grep DROPPED





          share|improve this answer




















          • thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
            – Muhammad Abbas
            Nov 5 '16 at 3:10










          • kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
            – Ipor Sircer
            Nov 5 '16 at 3:22














          up vote
          0
          down vote













          grep DROPPED /var/log/kern.log


          or



          dmesg|grep DROPPED





          share|improve this answer




















          • thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
            – Muhammad Abbas
            Nov 5 '16 at 3:10










          • kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
            – Ipor Sircer
            Nov 5 '16 at 3:22












          up vote
          0
          down vote










          up vote
          0
          down vote









          grep DROPPED /var/log/kern.log


          or



          dmesg|grep DROPPED





          share|improve this answer












          grep DROPPED /var/log/kern.log


          or



          dmesg|grep DROPPED






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 5 '16 at 3:07









          Ipor Sircer

          9,3161920




          9,3161920











          • thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
            – Muhammad Abbas
            Nov 5 '16 at 3:10










          • kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
            – Ipor Sircer
            Nov 5 '16 at 3:22
















          • thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
            – Muhammad Abbas
            Nov 5 '16 at 3:10










          • kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
            – Ipor Sircer
            Nov 5 '16 at 3:22















          thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
          – Muhammad Abbas
          Nov 5 '16 at 3:10




          thanks for reply! This works, but is there a way to see what port was blocked? Let say I try to ssh and it gets dropped, so can I see port 22 blocked or dropped?
          – Muhammad Abbas
          Nov 5 '16 at 3:10












          kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
          – Ipor Sircer
          Nov 5 '16 at 3:22




          kernel: [38753.696042] DROPPED: IN= OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42248 DF PROTO=TCP SPT=45146 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
          – Ipor Sircer
          Nov 5 '16 at 3:22

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f321210%2fhow-to-see-what-port-was-blocked-in-iptables-log-file%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?