tc@box:/var/log$ sudo /usr/local/sbin/basic-firewall
Your basic firewall is now [operational]
Press enter to continue
tc@box:/var/log$ 
tc@box:/var/log$ sudo iptables --line-numbers -vL
Chain INPUT (policy DROP 150 packets, 41007 bytes)
num pkts bytes target prot opt in out source destination 
1 0 0 ACCEPT all -- lo any anywhere anywhere 
2 164 16608 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
3 0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:auth reject-with tcp-reset

Chain FORWARD (policy DROP 202 packets, 10536 bytes)
num pkts bytes target prot opt in out source destination 

Chain OUTPUT (policy ACCEPT 129 packets, 27318 bytes)
num pkts bytes target prot opt in out source destination 
tc@box:/var/log$ 
tc@box:/var/log$ ls -lah
total 4
drwxrwxr-x 2 root staff 80 Jun 13 12:11 ./
drwxrwxr-x 8 root staff 180 Jul 4 2016 ../
-rw-r--r-- 1 root root 0 Jun 13 12:11 autologin
-rw-rw-r-- 1 root staff 1.9K Jun 13 12:52 wtmp
tc@box:/var/log$
You need to use the "syslog" boot code to get /var/log/messages
menuentry "core" {
linux /boot/vmlinuz quiet text tce=UUID="9b0807fd-1d0c-4c7b-94cd-853923c34e55" waitusb=10:UUID="9b0807fd-1d0c-4c7b-94cd-853923c34e55" noutc syslog
initrd /boot/rootfs.gz /boot/modules.gz
}
tc@box:/var/log$ cat /mnt/sda1/boot/grub/menu.lst
default 0
timeout 0
kernel /boot/vmlinuz quiet text
initrd /boot/core.gz
tinycore {cron|syslog} 
tc@box:/var/log$
tc@box:/var/log$ cat /mnt/sda1/boot/grub/menu.lst
default 0
timeout 0
kernel /boot/vmlinuz quiet text syslog
initrd /boot/core.gz
tc@box:/var/log$
tc@box:/var/log$ ls -lah messages 
-rw-r--r-- 1 root root 54.8K Jun 13 22:36 messages
tc@box:/var/log$
..and you also need to have a LOG rule set for iptables to log anything.
sudo iptables -N LOGGING
sudo iptables -A FORWARD -j LOGGING
sudo iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
sudo iptables -A LOGGING -j DROP
user@box:~$ tail -F /var/log/messages | egrep '1.1.1.2|172.16.2.6'
Jun 13 22:57:43 box user.warn kernel: IPTables-Dropped: IN=eth3 OUT=eth2 SRC=1.1.1.2 DST=172.16.2.6 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=37467 DF PROTO=ICMP TYPE=8 CODE=0 ID=27652 SEQ=0 
Jun 13 22:57:58 box user.warn kernel: IPTables-Dropped: IN=eth3 OUT=eth2 SRC=1.1.1.2 DST=172.16.2.6 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=39124 DF PROTO=ICMP TYPE=8 CODE=0 ID=27652 SEQ=15
tc@box:~$ sudo iptables --line-numbers -vL
Chain INPUT (policy ACCEPT 111 packets, 9899 bytes)
num pkts bytes target prot opt in out source destination 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination 
1 486 41368 LOGGING all -- any any anywhere anywhere 

Chain OUTPUT (policy ACCEPT 93 packets, 17968 bytes)
num pkts bytes target prot opt in out source destination 

Chain LOGGING (1 references)
num pkts bytes target prot opt in out source destination 
1 22 1920 LOG all -- any any anywhere anywhere limit: avg 2/min burst 5 LOG level warning prefix "IPTables-Dropped: "
2 486 41368 DROP all -- any any anywhere anywhere 
tc@box:~$
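
Once /var/log/messages is being written, the "IPTables-Dropped: " lines can be summarized per flow instead of read by eye. The parser below is an added example, not part of the thread; it assumes the syslog line layout shown in the tail output above, and the sample lines, the TCP entry and the address 1.1.1.9 are constructed.

```python
import re
from collections import Counter

PREFIX = "IPTables-Dropped: "  # the --log-prefix used in the thread

# Constructed sample lines in the syslog format shown in the thread;
# the TCP line and the address 1.1.1.9 are made up for illustration.
SAMPLE = """\
Jun 13 22:57:43 box user.warn kernel: IPTables-Dropped: IN=eth3 OUT=eth2 SRC=1.1.1.2 DST=172.16.2.6 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=37467 DF PROTO=ICMP TYPE=8 CODE=0 ID=27652 SEQ=0
Jun 13 22:57:58 box user.warn kernel: IPTables-Dropped: IN=eth3 OUT=eth2 SRC=1.1.1.2 DST=172.16.2.6 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=39124 DF PROTO=ICMP TYPE=8 CODE=0 ID=27652 SEQ=15
Jun 13 22:58:02 box user.warn kernel: IPTables-Dropped: IN=eth3 OUT=eth2 SRC=1.1.1.9 DST=172.16.2.6 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=5120 DF PROTO=TCP SPT=40312 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 13 22:58:05 box daemon.info init: unrelated line without the prefix
"""

# "Mon DD HH:MM:SS host [facility.level] kernel: "
HEAD_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (?:\S+ )?kernel: ")


def parse_line(line, prefix=PREFIX):
    """Return a dict of fields for one LOG line, or None if it is not one."""
    head = HEAD_RE.match(line)
    if not head or not line.startswith(prefix, head.end()):
        return None
    rec = {"ts": head.group(1), "host": head.group(2), "flags": []}
    for tok in line[head.end() + len(prefix):].split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(tok)   # bare tokens such as DF or SYN
        elif key == "ID" and "ID" in rec:
            rec["L4_ID"] = val         # second ID= is the ICMP echo id
        else:
            rec[key] = val
    return rec


def summarize(text, prefix=PREFIX):
    """Count logged drops per (SRC, DST, PROTO, DPT); DPT is None for ICMP."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line, prefix)
        if rec:
            key = tuple(rec.get(k) for k in ("SRC", "DST", "PROTO", "DPT"))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

These counts are a sample of the dropped traffic, not a total: with `--limit 2/min` the listing above shows the LOG rule matching 22 packets while the DROP rule saw 486.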