Log & Drop
Now that we've allowed everything through our firewall that we want, let's log everything else and drop it. Let's drop UDP first with these rules:
iptables -A INPUT -i eth0 -p udp -j LOG --log-level debug --log-prefix "IPTABLES UDP-IN: "
iptables -A INPUT -i eth0 -p udp -j DROP
Now, let's log & drop ICMP packets:
iptables -A INPUT -i eth0 -p icmp -j LOG --log-level debug --log-prefix "IPTABLES ICMP-IN: "
iptables -A INPUT -i eth0 -p icmp -j DROP
Log and drop all the incredibly noisy Windows NetBIOS traffic swimming about:
iptables -A INPUT -i eth0 -p tcp -s 0/0 --sport 137:139 -j LOG --log-level debug --log-prefix "IPTABLES NETBIOS-IN: "
iptables -A INPUT -i eth0 -p tcp -s 0/0 --sport 137:139 -j DROP
Each log & drop is two rules, a log and a drop. The log rule is one line, line wrapped.
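An added example, not part of the original slides: with these rules loaded, the kernel log gets one line per dropped packet, tagged with the prefixes above. The sketch below tallies those lines by prefix, source address and destination port; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally packets logged by the LOG rules on this page.
# Function names and the log lines below are constructed for illustration
# (addresses come from the RFC 5737 documentation ranges).

sample_log() {
cat <<'EOF'
Jan 12 10:15:01 fw kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=4711 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 12 10:15:03 fw kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=4712 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 12 10:15:09 fw kernel: IPTABLES ICMP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Jan 12 10:15:12 fw kernel: IPTABLES NETBIOS-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=812 DF PROTO=TCP SPT=139 DPT=1025 WINDOW=0 RES=0x00 ACK RST URGP=0
Jan 12 10:15:20 fw sshd[811]: Accepted publickey for admin from 192.0.2.200 port 50022 ssh2
EOF
}

# summarize_drops: read syslog lines on stdin and print
# "<count> <prefix> <source> <dest-port>", busiest first.
# ICMP has no ports, so its destination port is shown as "-".
summarize_drops() {
    awk '
    {
        prefix = ""; src = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i == "IPTABLES" && i < NF) {
                prefix = $(i + 1)
                sub(/:$/, "", prefix)      # "UDP-IN:" becomes "UDP-IN"
            } else if ($i ~ /^SRC=/) {
                src = substr($i, 5)
            } else if ($i ~ /^DPT=/) {
                dpt = substr($i, 5)
            }
        }
        # Count only lines tagged by one of the log rules.
        if (prefix ~ /^[A-Z]+-IN$/ && src != "")
            count[prefix " " src " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_drops
```

Because the rules log at level debug, these lines only show up where syslog is configured to keep kern.debug messages.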