Log dropped packets using CentOS Firewall


Please take care modifying your firewall. If you don’t understand what’s being done here you may lock yourself out of your machine. You’ve been warned 🙂 !

In order to log dropped packets on the INPUT chain I replaced this:

-A INPUT -i eth0 -j REJECT --reject-with icmp-host-prohibited

with this:

-N LOGDROP
-A LOGDROP -i eth0 -j LOG
-A LOGDROP -i eth0 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth0 -j LOGDROP

Of course you can use -j DROP instead of -j REJECT --reject-with icmp-host-prohibited; DROP silently discards the packet, while REJECT also sends an ICMP error back to the sender.
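As an added example (not code from the post), a small POSIX shell helper that renders the same LOGDROP chain as iptables-save lines, but with a log prefix and a rate limit so the LOG target cannot flood the kernel log, plus a parser for the lines the LOG target writes. The interface name eth0 comes from the post; the prefix, the rate limit and the sample log line are constructed assumptions.

```shell
#!/bin/sh
# Added example, not the post's own rules. Renders the LOGDROP chain in
# iptables-save format (the same format as the post), adding a prefix so the
# lines are easy to grep and a limit match so a flood of dropped packets
# cannot fill the log. Parameters: interface (eth0 as in the post), prefix,
# rate; all defaults are assumptions.
render_logdrop_rules() {
    iface="${1:-eth0}"
    prefix="${2:-IPT-DROP: }"     # max 29 characters for --log-prefix
    rate="${3:-5/min}"
    printf '%s\n' \
        "-N LOGDROP" \
        "-A LOGDROP -i $iface -m limit --limit $rate --limit-burst 10 -j LOG --log-prefix \"$prefix\" --log-level 4" \
        "-A LOGDROP -i $iface -j REJECT --reject-with icmp-host-prohibited" \
        "-A INPUT -i $iface -j LOGDROP"
}

# Extracts one KEY=value field (e.g. SRC, DST, DPT) from LOG-target lines read
# on stdin; prints one value per matching line.
log_field() {
    sed -n "s/.*[[:space:]]$1=\([^[:space:]]*\).*/\1/p"
}

# Counts logged packets per source address, most frequent first.
drops_per_source() {
    log_field SRC | sort | uniq -c | sort -rn
}

# Constructed sample line in the format the LOG target writes to the kernel
# log (addresses are documentation ranges, not real hosts).
SAMPLE='Jan  1 12:00:00 host kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=192.0.2.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12345 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0'

# Usage: render_logdrop_rules eth0 'IPT-DROP: ' 5/min   (paste into the filter table)
#        drops_per_source < /var/log/messages            (summarise what was logged)
```

The LOG target writes to the kernel log, so on CentOS the lines land in /var/log/messages (or `journalctl -k` on CentOS 7), from where drops_per_source can summarise them.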