
Firetable Logs

Heiko
18 July 2014, 02:00
Hi,
I have a small Raspi with Hiawatha, PHP-FPM and Firetable. It's working fine together. I was a bit annoyed, because Firetable logs are in syslog.

So my solution is:

Add a file /etc/rsyslog.d/firetable.conf

with content:

<pre>
:msg,contains,"FIRETABLE4: " /var/log/iptables.log
:msg,contains,"FIRETABLE6: " /var/log/iptables.log
</pre>

And add in logrotate /var/log/iptables.log

For interested people: http://projects.leisink.net/Firetable/ test it

Firetable is a nice and easy tool to set up proper iptables rules like this:

<pre>
accept incoming tcp to server:{ 80, 443 }
accept incoming udp to server:{ 1194 }
accept incoming icmp type { 11, 8 } from anywhere to server
drop incoming udp to anywhere:{ 137, 138 }
accept outgoing ip
</pre>

Thank you Hugo!

BTW: I use an OS language other than English, so I had to adapt some lines around line 748 ... (/usr/sbin/firetable)

Firetable 5.3
Hiawatha version: 9.6
Operating System: Debian
Hugo Leisink
18 July 2014, 23:34
Hi Heiko. Sounds nice. I'll add this for the next release!
Hugo Leisink
19 July 2014, 12:24
Hmm, the logs are indeed written to iptables.log, but still also to syslog. I remember now that I had this in the past and for this reason I didn't include it in Firetable. I'll add the rsyslog config to the package as an optional feature.

What is it you had to change to the firetable script?
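An added example (not from the thread, and not Firetable or Hiawatha code) that covers both Heiko's rsyslog filter and Hugo's observation that the matched lines still land in syslog: the `& stop` line after each selector discards the message once it has been written to iptables.log (rsyslog 7 or newer; older versions spell it `& ~`). It also writes a logrotate stanza for the new file and includes a small awk helper that counts hits per source address in iptables.log, assuming the `FIRETABLE4: ` / `FIRETABLE6: ` prefix is followed by the usual kernel iptables LOG fields (`SRC=`, `DST=`, `PROTO=`, `DPT=`). The log lines are constructed samples, and the output directory is a parameter so the script runs without touching /etc.

```shell
#!/bin/sh
# Added example, not part of the thread or of Firetable/Hiawatha.
# Assumed: rsyslog >= 7 ('& stop'; on older rsyslog use '& ~'), and that the
# FIRETABLE4:/FIRETABLE6: prefixes are followed by the usual iptables LOG
# fields (IN= OUT= SRC= DST= PROTO= SPT= DPT=), as the kernel emits them.

# Write the rsyslog filter and a logrotate stanza below $1 (default: /tmp/ft-demo).
# '& stop' after each selector keeps the matched line out of /var/log/syslog.
write_firetable_logging_conf() {
    root=${1:-/tmp/ft-demo}
    mkdir -p "$root/rsyslog.d" "$root/logrotate.d"
    cat > "$root/rsyslog.d/firetable.conf" <<'EOF'
:msg,contains,"FIRETABLE4: " /var/log/iptables.log
& stop
:msg,contains,"FIRETABLE6: " /var/log/iptables.log
& stop
EOF
    # copytruncate avoids a postrotate HUP of rsyslog; the log keeps its inode.
    cat > "$root/logrotate.d/iptables" <<'EOF'
/var/log/iptables.log {
    weekly
    rotate 8
    compress
    delaycompress
    missingok
    notifempty
    copytruncate
}
EOF
}

# Count log lines per source address. Reads iptables.log lines on stdin and
# prints "count SRC", busiest first: a quick view of who hits the dropped
# ports (137/138 in the ruleset above).
top_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); n[$i]++ } }
         END { for (s in n) print n[s], s }' | sort -rn
}

# Constructed sample lines in the shape rsyslog writes to iptables.log.
SAMPLE_LOG='Jul 19 20:28:01 raspi kernel: [  123.4] FIRETABLE4: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:b8:27:eb:12:34:56:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 19 20:28:02 raspi kernel: [  124.1] FIRETABLE4: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:b8:27:eb:12:34:56:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=78 PROTO=UDP SPT=138 DPT=138 LEN=58
Jul 19 20:28:05 raspi kernel: [  127.0] FIRETABLE4: IN=eth0 OUT= MAC=b8:27:eb:12:34:56:00:11:22:33:44:55:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=51234 DPT=22 WINDOW=29200'

# Run as "sh firetable-log.sh demo" to write the files under /tmp and show the summary.
if [ "${1:-}" = "demo" ]; then
    write_firetable_logging_conf /tmp/ft-demo
    cat /tmp/ft-demo/rsyslog.d/firetable.conf
    printf '%s\n' "$SAMPLE_LOG" | top_sources
fi
```

To install for real, copy the two generated files to /etc/rsyslog.d/ and /etc/logrotate.d/, check the syntax with `rsyslogd -N1`, and restart rsyslog; after that, `grep FIRETABLE /var/log/syslog` should stay empty while iptables.log keeps growing.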
Heiko
19 July 2014, 20:28
I have no entries in the syslog (Raspi Debian), but dmesg is full of it.
Workaround: alias dmesg="dmesg | sed '/FIRETABLE/d'"
Heiko
19 July 2014, 20:35
Raspi starts with English and switches to German. So your script will work at system start, but not on service firetable restart.

My quick and dirty solution was:

<pre>
if ($this->ip_version == 4) {
    // English net-tools output: "inet addr:192.0.2.10 ..."
    $this->server = trim(exec("/sbin/ifconfig ".$interface." | grep 'inet addr' | cut -f2 -d':' | cut -f1 -d' '"));
    if (!$this->server) {
        // German locale prints "inet Adresse:..." instead
        $this->server = trim(exec("/sbin/ifconfig ".$interface." | grep 'inet Adresse' | cut -f2 -d':' | cut -f1 -d' '"));
    }
} else {
    // First global-scope IPv6 address, English labels
    $this->server = trim(exec("/sbin/ifconfig ".$interface." | grep 'inet6 addr' | grep 'Scope:Global' | head -1 | cut -f2- -d':' | cut -f2 -d' ' | cut -f1 -d'/'"));
    if (!$this->server) {
        // Same again with the German "inet6 Adresse" label
        $this->server = trim(exec("/sbin/ifconfig ".$interface." | grep 'inet6 Adresse' | grep 'Scope:Global' | head -1 | cut -f2- -d':' | cut -f2 -d' ' | cut -f1 -d'/'"));
    }
}
...
</pre>
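An added example, not from the thread and not the Firetable script, showing a locale-independent way to pick the interface address out of ifconfig output, so that `inet addr` versus `inet Adresse` (or the newer `inet 192.0.2.10` layout) no longer matters. Both functions read ifconfig output on stdin and parse by the shape of the address rather than by the label. The simplest fix inside the real script is to force the C locale for the child process (`LC_ALL=C /sbin/ifconfig ...`), which makes the labels English again; the parsers below are a second guard. The English and German ifconfig outputs are constructed samples; the German labels follow the ones Heiko greps for.

```shell
#!/bin/sh
# Added example, not part of the thread or of the Firetable script.
# Locale-independent address extraction from ifconfig-style output on stdin.
# In the real script the easier fix is to run the command under LC_ALL=C.

# First dotted quad after the word "inet" at the start of a line.
# Matches "inet addr:1.2.3.4", "inet Adresse:1.2.3.4" and "inet 1.2.3.4";
# the "inet6" lines cannot match because the digit 6 is followed by no dot.
iface_ipv4() {
    sed -n 's/^[[:space:]]*inet[^0-9]*\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\).*/\1/p' | head -n 1
}

# First global-scope IPv6 address: take inet6 lines, pull out anything shaped
# like an IPv6 address (at least two colons) and keep the first one whose
# first hex digit is 2 or 3, i.e. inside 2000::/3 (global unicast). This skips
# fe80:: link-local and ::1 without relying on a localized "Scope:Global".
iface_ipv6_global() {
    grep 'inet6' | grep -oE '[0-9a-fA-F]{0,4}(:[0-9a-fA-F]{0,4}){2,7}' | grep -E '^[23]' | head -n 1
}

# Constructed ifconfig output, English and German (net-tools 1.60 style).
IFCONFIG_EN='eth0      Link encap:Ethernet  HWaddr b8:27:eb:12:34:56
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::ba27:ebff:fe12:3456/64 Scope:Link
          inet6 addr: 2001:db8::10/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'
IFCONFIG_DE='eth0      Link encap:Ethernet  Hardware Adresse b8:27:eb:12:34:56
          inet Adresse:192.0.2.10  Bcast:192.0.2.255  Maske:255.255.255.0
          inet6 Adresse: fe80::ba27:ebff:fe12:3456/64 Gültigkeitsbereich:Verbindung
          inet6 Adresse: 2001:db8::10/64 Gültigkeitsbereich:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1'

# Run as "sh iface-addr.sh demo" to see both samples parsed.
if [ "${1:-}" = "demo" ]; then
    for sample in "$IFCONFIG_EN" "$IFCONFIG_DE"; do
        printf 'v4=%s v6=%s\n' \
            "$(printf '%s\n' "$sample" | iface_ipv4)" \
            "$(printf '%s\n' "$sample" | iface_ipv6_global)"
    done
fi
```

On a live box the same functions apply to real output with `/sbin/ifconfig eth0 | iface_ipv4`; because neither function cares about the label text, the two German fallbacks in the patched PHP become unnecessary.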
Heiko
19 July 2014, 20:42
I forgot to say, I have a script in /etc/network/if-up.d with:

<pre>
#!/bin/sh
/usr/sbin/firetable restart
</pre>

So I need firetable on boot and restart.

This topic has been closed.