Title says it all.
How can I, with iptables under Linux, log all IPs connecting to a server?
As a little detail, I'd like to have only ONE entry in the log PER DAY PER IP.
Thanks 🙂
EDIT:
I narrowed it down to 5 packets logged for every new session, which is weird since I use --hashlimit 1 --hashlimit-burst 1. I suspect that -m limit, which defaults to 5, plays a role in there. Trouble is, if I set -m limit to 1, only 1 entry is logged for ALL IPs instead of one for EACH IP.
The reason I want to do this is also to avoid as much as possible logs growing too fast since this will be a rather unmanaged box.
EDIT2:
Here is my current try, in iptables-restore format:
(on several lines for ease of reading)
-A FORWARD -d 10.x.x.x -p tcp --dport 443 -m state --state NEW
-m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1
--hashlimit-mode srcip --hashlimit-name denied-client
-j LOG --log-prefix "iptables (denied client): "
Best Answer
I would try this:
So your list mydaily will keep track of the last seen IP addresses, and if it was never seen before, or if the last seen is older than one day, the packet will be logged, and the list entry for that IP address will be updated. You should probably set ip_list_tot to a higher value for mydaily, as explained in the iptables manpage (in your case for /proc/net/xt_recent/mydaily).
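As an added illustration that is not part of the original answer, here is one way to write the xt_recent approach the answer describes, in the same iptables-restore format the question uses. The destination 10.x.x.x, port 443 and log prefix are the question's own; the chain name LOGDAILY and the 86400-second window are assumptions.

```text
*filter
# user-defined chain that holds the "once per day per source IP" logging logic
:LOGDAILY - [0:0]

# same match as the question's rule: only the first packet of a new session
-A FORWARD -d 10.x.x.x -p tcp --dport 443 -m state --state NEW -j LOGDAILY

# if this source IP is already in the mydaily list and was logged within the
# last 86400 s (one day), leave the chain without logging
-A LOGDAILY -m recent --name mydaily --rcheck --seconds 86400 -j RETURN

# otherwise add (or refresh) the source IP in mydaily and log the packet once;
# --set updates the entry's timestamp, so the next log for this IP is a day away
-A LOGDAILY -m recent --name mydaily --set -j LOG --log-prefix "iptables (denied client): "
COMMIT

# The mydaily list holds at most ip_list_tot entries (default 100); older
# entries are evicted. To track more clients, raise the xt_recent module
# parameter, e.g. in /etc/modprobe.d/xt_recent.conf:
#   options xt_recent ip_list_tot=1000
```

Load the fragment with `iptables-restore --noflush` so your existing filter rules are kept, and inspect the tracked addresses and their last-seen times in /proc/net/xt_recent/mydaily.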