Thanks to mojo_jojo's post, I too informed support that I wanted ipt_ modules. They moved my VPS to a node that supports them and I set up this iptables code
[root@vps /]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
VZ_INPUT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
VZ_FORWARD all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
VZ_OUTPUT all -- anywhere anywhere
Chain LOGACCEPT (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level alert
ACCEPT all -- anywhere anywhere
Chain LOGDROP (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain VZ_FORWARD (1 references)
target prot opt source destination
Chain VZ_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- my.home.ip.address anywhere tcp dpt:ssh
LOGDROP tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpts:32768:65535
ACCEPT udp -- anywhere anywhere udp dpts:32768:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:8880
ACCEPT tcp -- anywhere anywhere tcp dpt:8443
ACCEPT tcp -- vps.myhost.com vps.myhost.com
ACCEPT udp -- vps.myhost.com vps.myhost.com
ACCEPT tcp -- my.home.ip.address anywhere tcp dpt:783
LOGACCEPT tcp -- my.home.ip.address anywhere tcp dpt:ftp
Chain VZ_OUTPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:8880
ACCEPT tcp -- anywhere anywhere tcp spt:8443
ACCEPT tcp -- vps.myhost.com vps.myhost.com
ACCEPT udp -- vps.myhost.com vps.myhost.com
ACCEPT tcp -- anywhere anywhere tcp spt:783
Unfortunately, I did't see and output in /var/log/messages.
I then changed syslog.conf to this:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
# JP Log them to /var/log/messages
kern.* -/var/log/firewall.log
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none -/var/log/messages
# The authpriv file has restricted access.
authpriv.* -/var/log/secure
# Log all the mail messages in one place.
mail.* -/usr/local/psa/var/log/maillog
# Log cron stuff
cron.* -/var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit -/var/log/spooler
# Save boot messages also to boot.log
local7.* -/var/log/boot.log
And I'm still not seeing any messages in /var/log/messages. I have connected using my ftp client, and I see the message from proftpd indicating as such, but none from the firewall. Syslogd creates the firewall.log file too, but no messages. When I changed the target of the ftp line to LOGCROP, I can't connect so I know the firewalling function is working, but I can't get a message from that either. What am I doing wrong?
Dilber MC Theme by HarzeM