The command to block a single IP is:
iptables -I INPUT -s 211.1.0.0 -j DROP
Reference:
Linux firewall: common iptables commands for blocking and unblocking IPs
iptables logging:
On SUSE 11 the syslog configuration lives in /etc/syslog-ng/syslog-ng.conf
Add a logging rule to iptables:
iptables -A INPUT -j LOG --log-prefix "iptables"
Configure remote log forwarding:
Details
On the server, edit /etc/syslog-ng/syslog-ng.conf and uncomment or add the following line inside the source src block:
source src {
udp(ip("0.0.0.0") port(514));
};
If TCP is desired, change the line to read:
source src {
tcp(ip("0.0.0.0") port(514));
};
Restart the syslog service:
/etc/init.d/syslog restart
Verify that the syslog service is listening on the port specified by using the netstat program:
netstat -nap | grep syslog-ng
udp 0 0 0.0.0.0:514 0.0.0.0:* 8043/syslog-ng
If TCP is chosen as the protocol:
netstat -nap |grep syslog-ng
tcp 0 0 0.0.0.0:514 0.0.0.0:* 8043/syslog-ng
NOTE: If there is a firewall enabled, there must be an exception in place for the port chosen.
Set up the client configuration:
Edit the /etc/syslog-ng/syslog-ng.conf file on the client machine and include or change the following entries:
# set up logging to loghost
destination loghost {
udp("192.168.93.163" port(514));
};
For TCP:
destination loghost {
tcp("192.168.93.163" port(514));
};
NOTE: Change the IP address to the IP address of the server that is acting as the loghost.
# send everything to loghost
log {
source(src);
destination(loghost);
};
Restart the syslog service on the client machine:
/etc/init.d/syslog restart
Test the logging facility on the client to ensure logs are being forwarded to the loghost:
logger test testmessage
One should see "test testmessage" in /var/log/messages on both the client and the server.
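Once the LOG rule above is in place and the clients forward to the loghost, the kernel entries land in /var/log/messages next to ordinary syslog lines. The following parser is an added example (not from the original post or from SUSE) that extracts the LOG fields from constructed sample lines with hypothetical hosts and addresses, counts packets per source, and prints the page's single-IP block command for noisy sources; it also tolerates the missing space that --log-prefix "iptables" produces before IN=.

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages on the loghost: kernel LOG lines from two clients
# (hypothetical hosts, documentation-range IPs) plus the "logger test testmessage" line.
# Without a trailing space in --log-prefix the kernel prints "iptablesIN=eth0", so the
# parser accepts both "iptablesIN=" and "iptables IN=".
SAMPLE_LOG = """\
Jun  3 10:15:01 client1 kernel: [12345.678901] iptablesIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.93.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  3 10:15:02 client1 kernel: [12346.001234] iptablesIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.93.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44322 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  3 10:15:05 client2 kernel: [98765.432100] iptables IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.4 DST=192.168.93.11 LEN=73 TOS=0x00 PREC=0x00 TTL=60 ID=4321 PROTO=UDP SPT=5353 DPT=53 LEN=53
Jun  3 10:16:00 client1 root: test testmessage
Jun  3 10:16:07 client1 kernel: [12411.500000] iptablesIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.93.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=1
"""

# syslog header, the kernel tag, then our prefix with or without a space before IN=
HEADER_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+kernel:.*?\biptables\s*(?=IN=)")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs; bare flags like DF/SYN are skipped

def parse_iptables_line(line):
    """Parse one syslog line; return {'time', 'host', plus the LOG key=value fields} or None."""
    m = HEADER_RE.match(line)
    if not m:
        return None          # not a kernel line carrying our LOG prefix (e.g. the logger test)
    rec = {"time": m.group(1), "host": m.group(2)}
    rec.update(FIELD_RE.findall(line[m.end():]))
    return rec

def count_by_source(log_text, dport=None):
    """Packets logged per SRC address, optionally restricted to one destination port."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_iptables_line(line)
        if rec and (dport is None or rec.get("DPT") == str(dport)):
            counts[rec["SRC"]] += 1
    return counts

def block_commands(counts, threshold):
    """The page's single-IP block command for every source at or above threshold.
    A DROP inserted with -I sits above the appended LOG rule, so a blocked source stops
    appearing in the log; add '-m limit' to the LOG rule if the log volume becomes a problem."""
    return [f"iptables -I INPUT -s {src} -j DROP"
            for src, n in sorted(counts.items()) if n >= threshold]

if __name__ == "__main__":
    totals = count_by_source(SAMPLE_LOG)
    for src, n in totals.most_common():
        print(f"{src}: {n} packet(s)")
    print("\n".join(block_commands(totals, 3)))
```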
References:
Enabling a separate iptables log on Linux
SUSE syslog-ng configuration
柏青哥's SuSE Linux Enterprise Server 10, Chapter 9: System Log Files
Exploring iptables logging
SUSE Linux Enterprise 11 Desktop/Server - How to Enable Remote Syslog Logging
© 2017, 新之助meow. Original article; when reposting please credit: reposted from http://www.xinmeow.com