xx产品有个功能是对任何端口的访问都会被记录。它的实现原理是iptables的NFLOG
NFLOG是什么
它是一个target,就像ACCEPT、DROP等可以作为iptables -j后的参数值
iptables -A INPUT -p tcp -m tcp --dport 80 -j NFLOG --nflog-group 40 --nflog-prefix TCPDUMP-PCAP-IN
tcpdump -i nflog:40 -v -w nf40.pcap
// 此时tcpdump必须使用 -w 参数报文报文
tcpdump -i nflog:40 -v -w nf40.pcap
tcpdump: listening on nflog:40, link-type NFLOG (Linux netfilter log messages), capture size 262144 bytes
示例:
Can I log and drop packets with nflog in one iptables rule?
-N log_and_drop
-A log_and_drop -j NFLOG --nflog-prefix "shared prefix"
-A log_and_drop -j DROP
-A INPUT -p tcp --sport 1234 -g log_and_drop
-A INPUT -p udp --sport 4321 -g log_and_drop
Is there any way to put NFLOG (--nflog-prefix
) inside the iptables rule so that there is only one line left?
NFLOG:https://ipset.netfilter.org/iptables-extensions.man.html#lbDG
标签:iptables,log,NFLOG,--,drop,nflog,使用 From: https://www.cnblogs.com/codestack/p/17722609.html