Wednesday, September 16, 2020

A Raspberry Pi firewall: Package filter - 03 Logging and rules management

Now we have two rules that let us connect to the Raspberry Pi, and we know they work because we can connect to it using ssh. But how can we know whether someone else is trying to connect to it? We can add a rule so that every ssh connection attempt to the Raspberry Pi is logged.

To do this, let's create the following rule:

iptables -A INPUT -p tcp --dport 22 -i eth0 -j LOG

As you can see, it is the same rule we created before (note the double dash in --dport), but the target is LOG instead of ACCEPT.

If we try to connect to our Raspberry Pi again, we still get access to it.

This rule writes a log entry through the kernel log; on Raspbian, rsyslog stores kernel messages in /var/log/kern.log, and dmesg shows them as well. But if we look at the end of that file we will not find anything related to our new rule. This is because the rules in a chain are evaluated in order, from the top down, and in this case the ACCEPT rule comes before the LOG rule. When a packet matches a rule that jumps to a terminating target such as ACCEPT, DROP or REJECT, iptables stops traversing the chain and the rules after it are never examined. Since both rules match exactly the same packets, the ACCEPT rule wins every time and the LOG rule is never reached.
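Once the LOG rule does fire, the question from the top of the post ("is someone else trying to connect?") is answered by reading kern.log. The script below is an added example, not part of the original post: it parses the fields the LOG target writes (SRC=, DPT=, and the TCP flag words) and counts connection attempts per source address, counting only SYN packets so that the later packets of an established session are not mistaken for new attempts. The log lines it writes with write_sample_kern_log are constructed for the example, in the format the LOG target produces for the rule above (no --log-prefix, IN=eth0).

```shell
#!/bin/sh
# Added example (not from the original post): summarise who is knocking on
# port 22 from the iptables LOG lines the kernel writes to /var/log/kern.log.
set -eu

# Print "count source_ip", most active first, for every address that sent a
# TCP SYN to port 22 through eth0. $1 is the log file (default kern.log).
ssh_attempts_by_src() {
    logfile=${1:-/var/log/kern.log}
    awk '
        # Only lines produced by the INPUT/eth0 LOG rule carry IN=eth0.
        $0 !~ / IN=eth0 / { next }
        {
            src = ""; dpt = ""; syn = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
                # The LOG target prints TCP flags as separate words (SYN, ACK, ...).
                # A bare SYN is a new connection attempt; an ACK is a packet of an
                # already established session and should not be counted again.
                if ($i == "SYN") syn = 1
            }
            if (src != "" && dpt == "22" && syn) count[src]++
        }
        END { for (s in count) print count[s], s }
    ' "$logfile" | sort -rn
}

# Constructed sample log (assumption: these are not real captures): one host
# on the LAN opening a session (SYN, then ACK) and an outside address making
# three attempts in a row. Written to the path given as $1.
write_sample_kern_log() {
    cat > "$1" <<'EOF'
Sep 16 10:12:31 raspberrypi kernel: [ 1234.567890] IN=eth0 OUT= MAC=dc:a6:32:00:00:01:00:11:22:33:44:55:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Sep 16 10:12:31 raspberrypi kernel: [ 1234.570001] IN=eth0 OUT= MAC=dc:a6:32:00:00:01:00:11:22:33:44:55:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=502 RES=0x00 ACK URGP=0
Sep 16 10:15:02 raspberrypi kernel: [ 1385.100000] IN=eth0 OUT= MAC=dc:a6:32:00:00:01:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=40001 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 16 10:15:03 raspberrypi kernel: [ 1386.100000] IN=eth0 OUT= MAC=dc:a6:32:00:00:01:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=40002 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 16 10:15:04 raspberrypi kernel: [ 1387.100000] IN=eth0 OUT= MAC=dc:a6:32:00:00:01:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=40003 DF PROTO=TCP SPT=40003 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# Run on the constructed sample when invoked with "demo"; with no argument the
# functions are just defined, so the file can be sourced from other scripts.
if [ "${1:-}" = "demo" ]; then
    sample=$(mktemp)
    write_sample_kern_log "$sample"
    ssh_attempts_by_src "$sample"
    rm -f "$sample"
fi
```

On the sample the outside address shows up with 3 attempts and the LAN host with 1, because its ACK packet is filtered out. On a real Raspberry Pi run it as `ssh_attempts_by_src /var/log/kern.log` (the file is root-readable only, so use sudo); if you later add --log-prefix to the rule, the parser still works because it keys on the IN= and DPT= fields rather than on the prefix.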


To fix this, let's move our LOG rule in front of the ACCEPT rule.

First, we need to see which rules exist, so run the following command (you already know this one):

iptables -L

We get a tabular representation of our rules. Now let's run the same command again, this time with an extra option:

iptables -L --line-numbers

Now we get the same output as with the previous command, but each line starts with a number. This number is the position of the rule within its chain, and it lets us delete a rule by number. Be careful: when a rule is deleted, every rule below it moves up one position, so list the chain again before deleting by number a second time. With the LOG rule in position 2 of INPUT, we delete it with:

iptables -D INPUT 2

OK, but what happens if we have hundreds of lines and cannot easily pick out a specific rule in the tabular view? We can also delete a rule by writing it out again exactly as it was created, replacing the "-A" option with "-D":

iptables -D INPUT -p tcp --dport 22 -i eth0 -j LOG

OK, now we want to put our rule before the one that opens the ssh communication. Let's insert the new rule:

iptables -I INPUT 1 -p tcp --dport 22 -i eth0 -j LOG

Here, 1 is the position at which we want to insert the new rule. If you list the rules with line numbers again, you will see the new order: first the LOG rule, then the ACCEPT rule.

Now the LOG rule is reached before anything accepts the packet, and because LOG is a non-terminating target it does not stop the traversal of the chain: iptables writes the log entry and continues with the next rule, where the ACCEPT rule lets the ssh traffic through as before. Connect with ssh once more and the entry appears at the end of /var/log/kern.log.
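The whole procedure above (list, delete, insert at position 1) is easy to get wrong by hand, and running it twice leaves duplicate rules. The script below is an added example, not code from the original post: it uses `iptables -C` to check whether an identical rule already exists and only inserts or appends when it does not, so it can be re-run safely, and it puts the LOG rule at position 1 ahead of the ACCEPT rule. It also goes a little beyond the post's rule: `--syn` makes the LOG rule fire only for connection attempts instead of every packet of a session, `-m limit` keeps a port scan from flooding kern.log, and `--log-prefix` tags the lines so they are easy to grep. The `IPTABLES` variable is an assumption of this example: it lets the logic be dry-run with a stand-in instead of the real binary.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently place the ssh LOG
# rule in front of the ssh ACCEPT rule in the INPUT chain.
# IPTABLES may be overridden (e.g. with a shell function that only records
# calls) to exercise the logic without root; that override is an assumption
# of this example, not an iptables feature.
set -eu

IPTABLES=${IPTABLES:-iptables}

# Common match for inbound ssh on eth0 (the post's rule). --syn is added to
# the LOG rule below so only connection attempts are logged.
SSH_MATCH="-i eth0 -p tcp --dport 22"

# Add a rule only if an identical one is not already in the chain.
# $1 = "-A" (append) or "-I <pos>" (insert), $2 = chain, rest = rule spec.
ensure_rule() {
    how=$1; chain=$2; shift 2
    # iptables -C exits 0 when an identical rule exists and 1 when it does not.
    if "$IPTABLES" -C "$chain" "$@" 2>/dev/null; then
        echo "present: $chain $*"
    else
        # $how is intentionally unquoted: "-I 1" must become two words.
        "$IPTABLES" $how "$chain" "$@"
        echo "added:   $how $chain $*"
    fi
}

setup_ssh_rules() {
    # Order matters: LOG is non-terminating, so it must sit before ACCEPT,
    # otherwise packets are accepted first and the LOG rule is never reached.
    # -m limit caps the log rate (5 lines a minute after a burst of 10).
    ensure_rule "-I 1" INPUT $SSH_MATCH --syn \
        -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "SSH-IN: " --log-level info
    ensure_rule -A INPUT $SSH_MATCH -j ACCEPT
}

# Only touch the live ruleset when explicitly asked (sudo ./this.sh apply).
if [ "${1:-}" = "apply" ]; then
    setup_ssh_rules
fi
```

Two things to keep in mind when using this: `iptables -C` needs an exact match, so if you later change the LOG rule's options the old rule is not replaced but left in place (delete it by line number first, as shown above); and these rules live in memory only, so they are gone after a reboot unless saved, which the next posts in this series cover.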
