Changing APF log for TCP/UDP drops Published: Aug 27, 2004

Comments (11)

  • swampy 14:08, September 6, 2004
    I tried this tut on APF 0.9.4 and it does not work; I get errors when trying to restart APF. Good job I backed up the files first.
  • pixel 13:27, September 20, 2004
    Worked like a charm for me - thx!
  • ryan 22:17, September 21, 2004
    great idea -- will review this for added internal feature.
  • vijay srivastava 20:58, September 22, 2004
    How do I remove APF from my server? Is there any uninstall procedure?
  • squalito 14:12, September 29, 2004
    I do not have exactly the same lines in my conf.apf.
    I have the latest version: APF 0.9.4-6

    I updated the existing lines:

        if [ "$DROP_LOG" == "1" ]; then
        # Default TCP/UDP INPUT log chain
        if [ "$EXLOG" == "1" ]; then
        $IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IN_IF -j LOG --log-prefix "** IN_TCP DROP ** " --log-tcp-options --log-ip-options
        $IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IN_IF -j LOG --log-prefix "** IN_UDP DROP ** " --log-ip-options
        else
        $IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IN_IF -j LOG --log-prefix "** IN_TCP DROP ** "
        $IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IN_IF -j LOG --log-prefix "** IN_UDP DROP ** "
        fi
        fi

        if [ "$DROP_LOG" == "1" ] && [ "$EGF" == "1" ]; then
        # Default TCP/UDP OUTPUT log chain
        if [ "$EXLOG" == "1" ]; then
        $IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $OUT_IF -j LOG --log-prefix "** OUT_TCP DROP ** " --log-tcp-options --log-ip-options
        $IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $OUT_IF -j LOG --log-prefix "** OUT_UDP DROP ** " --log-ip-options
        else
        $IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $OUT_IF -j LOG --log-prefix "** OUT_TCP DROP ** "
        $IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $OUT_IF -j LOG --log-prefix "** OUT_UDP DROP ** "
        fi
        fi

    with these lines:

        if [ "$DROP_LOG" == "1" ]; then
        # Default TCP/UDP INPUT log chain: log at kern.debug instead of with a prefix
        if [ "$EXLOG" == "1" ]; then
        $IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IF -j LOG --log-level debug --log-tcp-options --log-ip-options
        $IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IF -j LOG --log-level debug --log-ip-options
        else
        $IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IF -j LOG --log-level debug
        $IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IF -j LOG --log-level debug
        fi
        fi

        if [ "$DROP_LOG" == "1" ] && [ "$EGF" == "1" ]; then
        # Default TCP/UDP OUTPUT log chain (corrected here: the lines as posted
        # repeated the INPUT rules with -i; outbound packets are logged on OUTPUT with -o)
        if [ "$EXLOG" == "1" ]; then
        $IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $IF -j LOG --log-level debug --log-tcp-options --log-ip-options
        $IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $IF -j LOG --log-level debug --log-ip-options
        else
        $IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $IF -j LOG --log-level debug
        $IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $IF -j LOG --log-level debug
        fi
        fi

    and everything is working fine.

    Thanks for this article.
    Squalito
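Added example (not from the article, the APF project, or any commenter): a POSIX shell/awk summary of the lines the `--log-prefix` rules above write to /var/log/iptables, run over constructed sample lines; the host name, addresses and ports are made up.

```shell
#!/bin/sh
# Constructed sample of what the LOG rules write (kernel lines as relayed by
# syslog); the last line is an unrelated sshd entry that must be ignored.
SAMPLE_LOG='Sep  6 14:08:01 web1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  6 14:08:02 web1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4322 DF PROTO=TCP SPT=40002 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  6 14:08:05 web1 kernel: ** IN_UDP DROP ** IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=112 ID=9 PROTO=UDP SPT=1027 DPT=137 LEN=58
Sep  6 14:08:09 web1 kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=33000 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  6 14:08:10 web1 sshd[2001]: Accepted publickey for admin from 198.51.100.20 port 50022 ssh2'

# Read log lines on stdin; print one row per (chain prefix, SRC, DPT) as
# "count prefix src dpt", most frequent first. Lines without the article's
# "** XX_YYY DROP **" prefix are skipped.
summarize_drops() {
    awk '
    /\*\* (IN|OUT)_(TCP|UDP) DROP \*\*/ {
        match($0, /\*\* [A-Z_]+ DROP \*\*/)
        prefix = substr($0, RSTART + 3, RLENGTH - 11)   # e.g. IN_TCP
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        n[prefix " " src " " dpt]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3
}

# Sources with at least $1 dropped packets (default 2), most frequent first:
# a quick way to spot a port scan or flood in the tail -f output.
noisy_sources() {
    min=${1:-2}
    awk -v min="$min" '
    /DROP \*\*/ { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) c[substr($i, 5)]++ }
    END { for (s in c) if (c[s] >= min) print c[s], s }
    ' | sort -k1,1nr -k2,2
}

# Wrappers that run both reports over the constructed sample.
summarize_sample() { printf '%s\n' "$SAMPLE_LOG" | summarize_drops; }
noisy_sample()     { printf '%s\n' "$SAMPLE_LOG" | noisy_sources "$@"; }

summarize_sample
noisy_sample 2
```

Squalito's variant logs at kern.debug without a prefix, so for that layout match on the PROTO= field instead of the DROP prefix.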
  • rYno267 05:24, November 15, 2004
    When I do

        tail –f /var/log/iptables

    I get this:

        tail: .f: No such file or directory
        ==> /var/log/iptables <==

    Any ideas? Thanks.
  • Madlaker 20:24, December 4, 2004
    I get the same as Ryno above. I did a locate on iptables and there is no iptables under /var, let alone /var/logs.

    Is there another step we have to perform?

    Any ideas would be appreciated.
  • Madlaker 20:46, December 4, 2004
    Just an update.

    OK, simple solution.

    When you restarted the firewall like me, you probably got an error that you missed, like I did the first time:

        /etc/apf/apf: line 1: ifconfig: command not found

    This is because we are in the su environment instead of su -.

    1) Just type cd, then the Enter key; then su -, then the Enter key.

    2) Now type /etc/apf/apf -r and you shouldn't get that error.

    3) Now type tail -f /var/log/iptables and you should see all the dropped packets showing up.

    If you get any more errors, be sure to look through all the instructions above.
  • Dennis 00:41, January 7, 2005
    I have 0.9.4 of APF and the lines you say to replace are different in that version. For example, here is the first of the two changes I made:

        if [ "$DROP_LOG" == "1" ]; then
        # Default TCP/UDP INPUT log chain
        if [ "$EXLOG" == "1" ]; then
        $IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IN_IF -j LOG -$
        $IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IN_IF -j LOG -$
        else

    As you see, the "if then else" parts are missing:

        if [ "$EXLOG" == "1" ]; then
        else

    I guessed that I should make the changes and leave these items in, although you did not mention them.

    The second section I changed per your instructions is here:

        if [ "$DROP_LOG" == "1" ] && [ "$EGF" == "1" ]; then
        # Default TCP/UDP OUTPUT log chain
        if [ "$EXLOG" == "1" ]; then
        $IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $OUT_IF -j LOG --log-prefix "** OUT_TCP DROP ** " --log-tcp-option$
        $IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $OUT_IF -j LOG --log-prefix "** OUT_UDP DROP ** " --log-ip-options
        else
        $IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $OUT_IF -j LOG --log-prefix "** OUT_TCP DROP ** "
        $IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $OUT_IF -j LOG --log-prefix "** OUT_UDP DROP ** "
        fi

    But I am getting errors, so I suspect something isn't right.

    I need some help on this for sure.

    Thanks
  • Izzee 12:39, November 21, 2005
    ------------------------------------------
    DO NOT USE THIS TUTORIAL FOR APF VERSIONS HIGHER THAN 0.9.3
    ------------------------------------------

    Latest APF version 0.9.6-1
    /etc/apf/firewall
    has different $DROP_LOG entries to the ones above.
    Now called $LOG_DROP, with completely different rules.
    No point in this tutorial now, as it is obsolete.

    RAMPRAGE - This tutorial needs updating as a matter of urgency!!
  • webhost 20:26, January 15, 2006
    I've been meaning to ask this in the past but never have until now.

    I restarted the apf and I get this:

        [/etc/apf]# ./apf -r
        iptables v1.2.9: host/network `-' not found
        Try `iptables -h' or 'iptables --help' for more information.
        iptables v1.2.9: host/network `-' not found
        Try `iptables -h' or 'iptables --help' for more information.
        iptables v1.2.9: host/network `-' not found
        Try `iptables -h' or 'iptables --help' for more information.
        iptables v1.2.9: host/network `-' not found
        Try `iptables -h' or 'iptables --help' for more information.

    Any idea as to why I am getting this? I don't know about any host/network.

    Thanks for your help

Copyright © 1998-2018 WebHostGear.com