AC86U firewall-start IP logging

Maverickcdn

Senior Member
Hello all

Just upgraded from an N66 to the AC86U and slammed 384.8_2 on it.

I've set up some iptables in firewall-start for logging connections but they don't appear to be logging. firewall-start shows it's been loaded at boot and doesn't flag any errors, but nothing gets logged according to the rules.

Also have settings in the logging page set to 'Default Log Level > debug' and 'Log messages more urgent > all'.

Code:
#!/bin/sh

iptables -I FORWARD -p tcp -m tcp --dport 80 -d 10.10.10.10 -m state --state NEW -j LOG --log-level 1 --log-prefix "web80"
iptables -I FORWARD -p tcp -m tcp --dport 443 -d 10.10.10.10 -m state --state NEW -j LOG --log-level 1 --log-prefix "web443"
iptables -I FORWARD -p tcp -m tcp --dport 30443 -m state --state NEW -j LOG --log-level 1 --log-prefix "openvpnobfs"
iptables -I INPUT -p tcp -m tcp --dport 31194 -m state --state NEW -j LOG --log-level 1 --log-prefix "openvpn"

Can anyone offer up a suggestion on where I went wrong here? On the old N66 with this it would log all the connections to those rules and show them in the logging output in the web GUI page; now it doesn't show anything. :(
 
With a little more time I've done some more looking: iptables -L shows the rules aren't even being added, hence why they're not logging... If I manually add them they work. Seems I have an issue somewhere in my firewall-start.

It's created in Notepad++ and chmod a+rx. I'm kinda confused now...
 
So if I get, with no other mention in the log,
Jan 18 18:01:41 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
during boot, and have the script listed above in firewall-start, but iptables isn't showing the rules, is it an issue with the formatting of my firewall-start file maybe? Might try just typing it out in nano over SSH and see if it makes a difference.

Don’t you need a line number after the chain name (FORWARD, INPUT) for inserts?

It just inserts to the top of the chain.
 
If you uploaded it from a PC, run
Code:
dos2unix /jffs/scripts/firewall-start

Boom! Thank you

Simple oversight by me quickly corrected by another kind forum member, you da man!
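
The fix in this thread was converting a script saved on a PC with dos2unix. As an added example (not posted by anyone in the thread), the following shell functions report which files in a script directory still have CRLF line endings and whether the shebang line is affected; the function names are hypothetical and /jffs/scripts is the path shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find scripts saved with DOS (CRLF)
# line endings, the condition that dos2unix repairs.
# Function names are hypothetical; /jffs/scripts is the path from the thread.

CR=$(printf '\r')

# Print the number of lines in file $1 that end in a carriage return.
crlf_lines() {
    grep -c "${CR}\$" "$1" || true    # grep -c exits 1 on zero matches
}

# Return 0 if the first line of $1 is a shebang with a trailing CR,
# i.e. the interpreter path itself carries the stray character.
shebang_has_cr() {
    head -n 1 "$1" | grep -q "^#!.*${CR}\$"
}

# Scan every regular file in directory $1. Print one line per affected
# file and return 1 if any were found, 0 if all are clean.
check_scripts() {
    dir=$1
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        n=$(crlf_lines "$f")
        [ "$n" -gt 0 ] || continue
        found=1
        if shebang_has_cr "$f"; then
            echo "$f: $n CRLF lines, shebang affected"
        else
            echo "$f: $n CRLF lines"
        fi
    done
    return "$found"
}

# Usage on the router: check_scripts /jffs/scripts
```

Running the check after every upload from a PC catches the problem before a reboot, when firewall rules that never load would otherwise go unnoticed.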
 
