Iptables doesn’t recognize –log-prefix

iptableslogging

I'm having difficulty getting iptables to log. Here are the relevant commands:

/usr/sbin/iptables -N LOG_DROP
/usr/sbin/iptables -A LOG_DROP -m limit --limit 2/min -j LOG --log-prefix "iptables drop: " --log-level 7
/usr/sbin/iptables -A LOG_DROP -j DROP

Entering these commands, results in:

iptables v1.4.21: unknown option "–log-prefix"

I believe the following modules are important, so they're active in my kernel:

`nf_log_common
 nf_log_ipv4
 nf_log_ipv6`

Any suggestions for solving this problem?

Best Answer

I had to run all commands with root privileges (sudo). Obviously iptables command executed by user didn't know about the channel created by root.

Related Solutions

Iptables masquerading / NAT firewall works with IPs, FAILS on SOME connections, esp when Domain Names are involved

Your problem is that DNS isn't working.

From the perspective of the firewall, it can't tell if you typed:

$ ping google.com

or:

$ ping 2001:4860:800f::63

Fix DNS and you'll fix your problem.

To help diagnose, try adding some rules such as:

-A INPUT -m limit --limit 3/min -j LOG --log-prefix "FW-IN-DROP-DEFAULT " --log-tcp-options --log-ip-options

before your REJECT rules. Then you'll know if it's being dropped.

Iptables doesn’t log to /var/log/kern.log or syslog

Your iptables stanza defines log-level as info and your rsyslog.conf says loglevel info gets written to /var/log/messages. Can you find your iptables messages there?

Best Answer

Related Solutions

Iptables masquerading / NAT firewall works with IPs, FAILS on SOME connections, esp when Domain Names are involved

Iptables doesn’t log to /var/log/kern.log or syslog

Related Topic