File: 98_log.py

"""
This is a couple of rules to setup logging of rejected packets (if you want to)
"""
remove_cruft = True
logging_enabled = False

# remove cruft
if remove_cruft:
	# reject invalid connections, don't log them
	iptables("INPUT",   "-m state --state INVALID -j DROP")
	iptables("FORWARD", "-m state --state INVALID -j DROP")
	iptables("OUTPUT",  "-m state --state INVALID -j DROP")
# log unknown packets with a limit
if logging_enabled:
	iptables("INPUT",   "-j LOG -m limit --limit 1/sec --log-prefix \"I-unknown:\"")
	iptables("FORWARD", "-j LOG -m limit --limit 1/sec --log-prefix \"F-unknown:\"")
	iptables("OUTPUT",  "-j LOG -m limit --limit 1/sec --log-prefix \"O-unknown:\"")