AndreasOM/iptables-with-logging.sh

## iptables-with-logging.sh
iptables -F

iptables -N LOGALL
iptables -N INPUT_LOGGED

iptables -A LOGALL -m state --state NEW -j LOG --log-level 7 --log-prefix "IPTABLES NEW: "
## iptables -A LOGALL -j LOG --log-level 7 --log-prefix "IPTABLES ALL: "
iptables -A LOGALL -j INPUT_LOGGED

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j LOGALL

### iptables -A INPUT_LOGGED -p tcp --dport 990 -j ACCEPT				# FTP
### iptables -A INPUT_LOGGED -p tcp --dport 989 -j ACCEPT				# FTPS
### iptables -A INPUT_LOGGED -p tcp --dport 21 -j ACCEPT				# FTP

iptables -A INPUT_LOGGED -p tcp --dport 953 -j ACCEPT			# RNDC
### iptables -A INPUT_LOGGED -p tcp --dport 5984 -j ACCEPT			# couchdb
iptables -A INPUT_LOGGED -p tcp --dport 4444:5555 -j ACCEPT

iptables -A INPUT_LOGGED -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT_LOGGED -p tcp -j DROP

# /etc/init.d/iptables save active
	iptables -F

	iptables -N LOGALL
	iptables -N INPUT_LOGGED

	iptables -A LOGALL -m state --state NEW -j LOG --log-level 7 --log-prefix "IPTABLES NEW: "
	## iptables -A LOGALL -j LOG --log-level 7 --log-prefix "IPTABLES ALL: "
	iptables -A LOGALL -j INPUT_LOGGED

	iptables -A INPUT -p tcp --dport 22 -j ACCEPT
	iptables -A INPUT -j LOGALL

	### iptables -A INPUT_LOGGED -p tcp --dport 990 -j ACCEPT # FTP
	### iptables -A INPUT_LOGGED -p tcp --dport 989 -j ACCEPT # FTPS
	### iptables -A INPUT_LOGGED -p tcp --dport 21 -j ACCEPT # FTP

	iptables -A INPUT_LOGGED -p tcp --dport 953 -j ACCEPT # RNDC
	### iptables -A INPUT_LOGGED -p tcp --dport 5984 -j ACCEPT # couchdb
	iptables -A INPUT_LOGGED -p tcp --dport 4444:5555 -j ACCEPT

	iptables -A INPUT_LOGGED -m state --state ESTABLISHED,RELATED -j ACCEPT
	iptables -A INPUT_LOGGED -p tcp -j DROP

	# /etc/init.d/iptables save active