Linux Iptables - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual

Configuring dsms

43 LINUX IPTABLES

A STRM Linux IPtables DSM accepts events using syslog. STRM records all
relevant Accept, Drop, or Reject events. You can integrate IPTables version 2.4
with STRM.

Before you configure STRM to integrate with IPtables, you must:

Step 1 Open the iptables.conf file.

Note: The file containing IP tables rules varies according to Linux operating
system. For a system operating Red Hat Enterprise, the file is located in the
/etc/sysconfig/iptables directory. Consult the documentation for your Linux
operating system for more information on configuring IP tables.

Step 2 Review the file to determine the IP tables rules you wish to log.
For example, if you wish to log the rule defined by the entry:

-A INPUT -i eth0 --dport 31337 -j DENY

Step 3 Insert a matching rule immediately before each rule you wish to log:

-A INPUT -i eth0 --dport 31337 -j DENY
-A INPUT -i eth0 --dport 31337 -j DENY

Step 4 Update the target of the new rule to LOG for each rule you wish to log. For
example:

-A INPUT -i eth0 --dport 31337 -j LOG
-A INPUT -i eth0 --dport 31337 -j DENY

Step 5 Set the log level of the LOG target to a SYSLOG priority level, such as info or
notice:

-A INPUT -i eth0 --dport 31337 -j LOG --log-level info
-A INPUT -i eth0 --dport 31337 -j DENY

Step 6 Add a string to the file to identify the rule's subsequent behavior. Set the log prefix
parameter to Q1Target=<rule>, where <rule> is one of fw_accept, fw_drop, or fw_reject.
For example, if the rule being logged targets DENY, the log prefix setting should be
Q1Target=fw_deny.

-A INPUT -i eth0 --dport 31337 -j LOG --log-level info --log-prefix "Q1Target=fw_deny "
-A INPUT -i eth0 --dport 31337 -j DENY
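
The six steps above applied to a whole rules file, as an added example that is not part of the Juniper manual: it builds the LOG rule for each rule and inserts it immediately before, skipping rules that are already paired. The function names, the sample ruleset (apart from the port 31337 rule) and the target-to-prefix table are assumptions assembled from the values on this page.

```python
import re

# Q1Target values from the page; DENY -> fw_deny is the page's own example.
PREFIX_FOR = {"ACCEPT": "fw_accept", "DROP": "fw_drop",
              "REJECT": "fw_reject", "DENY": "fw_deny"}

# "-A <chain> <match...> -j <TARGET> [target options]"
RULE_RE = re.compile(r"^(?P<match>-A\s+\S+.*?)\s+-j\s+(?P<target>[A-Z]+)\b")

# Constructed sample ruleset; only the port 31337 rule comes from the page.
SAMPLE = [
    "*filter",
    ":INPUT ACCEPT [0:0]",
    "-A INPUT -i eth0 --dport 31337 -j DENY",
    "-A INPUT -i eth0 -p tcp --dport 23 -j REJECT --reject-with tcp-reset",
    "-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT",
    "COMMIT",
]


def log_rule_for(rule, level="info"):
    """Build the LOG rule that goes before `rule`; None if not loggable."""
    m = RULE_RE.match(rule.strip())
    if not m or m.group("target") not in PREFIX_FOR:
        return None  # table/chain headers, COMMIT, existing LOG rules
    prefix = PREFIX_FOR[m.group("target")]
    # Target options such as --reject-with are dropped from the LOG copy.
    return (f'{m.group("match")} -j LOG --log-level {level} '
            f'--log-prefix "Q1Target={prefix} "')


def add_log_rules(lines, level="info"):
    """Insert a LOG rule before each loggable rule, skipping paired ones."""
    out = []
    for line in (l.rstrip("\n") for l in lines):
        wanted = log_rule_for(line, level)
        # Idempotent: do not insert again if the previous line is that rule.
        if wanted and (not out or out[-1].strip() != wanted):
            out.append(wanted)
        out.append(line)
    return out


if __name__ == "__main__":
    print("\n".join(add_log_rules(SAMPLE)))
```

Running the function twice over the same file leaves it unchanged, so it can be used to check that every rule still has its LOG partner after later edits.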
