My firewall rules are not working

Harry

2/8/23, 4:17 PM

I am trying to write firewall rules for logging messages but they don't seem to work:

First of all I have added a chain MY_LOG

-N MY_LOG

Then I wrote a rule to jump to MY_LOG chain when I receive a message with destination IP 192.168.1.132, destination port 79 and protocol UDP:

-A INPUT -d 192.168.1.132/32 -p udp -m udp --dport 79 -j MY_LOG

and finally I wrote the rule for the MY_LOG chain:

-A MY_LOG -m mark --mark 0x35 -j NFLOG --nflog-prefix "MY LOG " --nflog-group 30

Then I am sending messages to the correspoding IP and port using Netcat:

nc -u 192.168.1.132 79

but it is not logging anything. What am I doing wrong? Any suggestions?

Thank you very much in advance!

0 + 0

firewall

iptables

logging

David W

2/8/23, 4:21 PM

Your IPTABLES rule is for destination-port 79, but your `nc -u` command is for port 89.

Harry

2/11/23, 7:08 AM

Sorry, that was just a typo in reporting the command, in my tests I used port 79 with nc.

Score:0

Server

No One

2/9/23, 6:39 AM

The thing to remember is that firewall rules are checked in the order they are listed. The kernel will stop processing the chain when a rule is triggered that will either allow or dis-allow a packet or connection.

I think the most common mistake for novice firewall administrators is that they follow the correct instructions to add a new rule, such as the one below:

[sudo] iptables -A INPUT -d 192.168.1.132/32 -p udp -m udp --dport 79 -j MY_LOG

and then discover that it won't take effect.

The reason for that is that the -A option adds that new rule, after all existing rules and since very often the final rule in the existing firewall was one that blocks all traffic that isn't explicitely allowed, resulting

sudo  iptables-save
...
iptables -A INPUT  -j REJECT
iptables -A INPUT -d 192.168.1.132/32 -p udp -m udp --dport 79 -j MY_LOG

and the new rule / chain will never be reached.

By inserting the rule with -I the new rule would have been the first in the chain and will work.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: My firewall rules are not working

TH: กฎไฟร์วอลล์ของฉันไม่ทำงาน

RO: Regulile mele pentru firewall nu funcționează

RU: Мои правила брандмауэра не работают

VI: Quy tắc tường lửa của tôi không hoạt động

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.