SysOps Tricks

LOG Traffic with iptables

Specific IP:

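Replace SOURCE_IP with an actual IP address or CIDR range (0.0.0.0/0 for all). -I inserts each rule at the top of its chain, so packets are logged before any existing ACCEPT or DROP rule handles them.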

sudo iptables -I INPUT -s SOURCE_IP -j LOG --log-prefix "SOME_LABEL_HERE-INPUT: "
sudo iptables -I FORWARD -s SOURCE_IP -j LOG --log-prefix "SOME_LABEL_HERE-FORWARD: "
sudo iptables -I OUTPUT -d SOURCE_IP -j LOG --log-prefix "SOME_LABEL_HERE-OUTPUT: "

or: any IP, specific port:

sudo iptables -I INPUT -s 0.0.0.0/0 -p tcp --dport 80 -j LOG --log-prefix "SOME_LABEL_HERE-INPUT: "
sudo iptables -I FORWARD -s 0.0.0.0/0 -p tcp --dport 80 -j LOG --log-prefix "SOME_LABEL_HERE-FORWARD: "
sudo iptables -I OUTPUT -d 0.0.0.0/0 -p tcp --dport 80 -j LOG --log-prefix "SOME_LABEL_HERE-OUTPUT: "

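Monitor (LOG entries are written to the kernel log; /var/log/syslog is the Debian/Ubuntu location, other distributions may use /var/log/messages or the journal):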

grep "SOME_LABEL_HERE" /var/log/syslog
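
To see who is hitting which port rather than scrolling raw grep output, the following added example (not part of the original gist) counts LOG entries per chain, source address and destination port. The function names summarize_fwlog and sample_log are illustrative, and the sample lines are constructed in the kernel's LOG format using documentation addresses.

```shell
#!/bin/sh
# Added example: summarize iptables LOG entries by chain, source and dest port.
# Usage on a real host: summarize_fwlog SOME_LABEL_HERE < /var/log/syslog

# Constructed sample lines (not real traffic).
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 host kernel: [100.000001] SOME_LABEL_HERE-INPUT: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=51514 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:02 host kernel: [101.000001] SOME_LABEL_HERE-INPUT: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=51515 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:03 host kernel: [102.000001] SOME_LABEL_HERE-INPUT: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=9 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:04 host kernel: [103.000001] SOME_LABEL_HERE-OUTPUT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Jan 10 12:00:05 host kernel: [104.000001] OTHER_LABEL-INPUT: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4 DF PROTO=TCP SPT=1234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# Reads log text on stdin; prints "COUNT CHAIN SRC DPT", busiest first.
# DPT is "-" for protocols without ports (for example ICMP).
summarize_fwlog() {
    awk -v label="$1" '
    {
        # Skip lines without the label, then isolate the chain name.
        p = index($0, label "-")
        if (p == 0) next
        rest = substr($0, p + length(label) + 1)
        chain = rest; sub(/:.*/, "", chain)
        src = "-"; dpt = "-"
        n = split(rest, f, " ")
        for (i = 1; i <= n; i++) {
            # Stop at a packet quoted inside an ICMP error ("[SRC=...").
            if (f[i] ~ /^\[/) break
            if (f[i] ~ /^SRC=/) src = substr(f[i], 5)
            else if (f[i] ~ /^DPT=/) dpt = substr(f[i], 5)
        }
        count[chain " " src " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Stand-alone demo on the constructed sample.
sample_log | summarize_fwlog SOME_LABEL_HERE
```
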

Cleanup

If you used the "Specific IP" method (the arguments to -D must match the inserted rule exactly, including the log prefix):

sudo iptables -D INPUT -s SOURCE_IP -j LOG --log-prefix "SOME_LABEL_HERE-INPUT: "
sudo iptables -D FORWARD -s SOURCE_IP -j LOG --log-prefix "SOME_LABEL_HERE-FORWARD: "
sudo iptables -D OUTPUT -d SOURCE_IP -j LOG --log-prefix "SOME_LABEL_HERE-OUTPUT: "

or: if you used the "any IP, specific port" method:

sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp --dport 80 -j LOG --log-prefix "SOME_LABEL_HERE-INPUT: "
sudo iptables -D FORWARD -s 0.0.0.0/0 -p tcp --dport 80 -j LOG --log-prefix "SOME_LABEL_HERE-FORWARD: "
sudo iptables -D OUTPUT -d 0.0.0.0/0 -p tcp --dport 80 -j LOG --log-prefix "SOME_LABEL_HERE-OUTPUT: "