syslog

Logging packets specifed by filter via syslog

Syntax: syslog help | { [table TABLE] [action ACTION] CHAIN [FILTER] [prefix PREFIX] [level LEVEL] }

TABLE := iptables table name: filter, nat or mangle.
    Default: filter

ACTION := insert | append | delete
    Change the default action defined in the file /etc/flex-fw/defines/base/action (usually 'append')

CHAIN := input | output | forward | prerouting | postrouting | chain IPTABLES_CHAIN
    Define flex-fw chain for adding new rules.
    The 'postrouting' and 'prerouting' can be used only with 'nat' or 'mangle' tables. See 'man iptables' for details.

FILTER := [FROM] [TO] [proto PROTO] [state STATE]

PREFIX := single word to prefix a message
    Default: flex-fw

LEVEL := priority level for a message

FROM := { [in-if IFACE] [src IPADDR] } | from ZONE
    Source part of filter.

TO :=  { [out-if IFACE] [dst IPADDR] } | to ZONE 
    Destination part of filter.

PROTO := any | { tcp [SOURCE_PORT] [DESTINATION_PORT] } | { udp [SOURCE_PORT] [DESTINATION_PORT] } | PROTO_NUMBER
    Network protocol and some rlated info.

STATE := new | established | related
    State of connections.
    Default: new

IFACE := any | INTERFACE_NAME
    Network interface name. 'any' is a synonym for '+'.

IPADDR := any | IPv4_ADDRESS
    IPv4 host or network address. For example: 192.168.0.12, 192.168.0.0/16. 'any' is a synonym for 0.0.0.0/0.

ZONE := name of zone described in the file /etc/flex-fw/defines/zones/zonename
    The zonename file contains lines with interface name and IPv4 address per each line and divided by spaces.

SOURCE_PORT := sport PORT | sports PORT,PORT,...
    Source port(s) for TCP or UDP protocol.

DESTINATION_PORT := dport PORT | dports PORT,PORT,...
    Destination port(s) for TCP or UDP protocol.

PORT := any | priv | unpriv | PORT_NUMBER | PORT_NUMBER:PORT_NUMBER
    Port of TCP or UDP protocol. 'any' is equal '0:65535'. 'priv' is equal '0:1023'. 'unpriv' is equal '1024:65535'.

PROTO_NUMBER := the numeric value specified in /etc/protocols.


Examples:

    # Log all attempts to establish a new SSH-connection
    syslog input src any proto tcp dport ssh

    # Log all attempts to establish a new connection to my private service
    syslog input proto tcp dport $portMyPrivateService


Copyright (C) 2014 Vitaly Druzhinin
aka VitalkaDrug