---------- Forwarded message ----------
From: bryn1u85 . <m.bry...@gmail.com>
Date: 2017-04-27 15:32 GMT+02:00
Subject: Re: [psad-discuss] Iptables rules/chain can't be created by psad.
To: "Reicht, Ignaz" <i.rei...@dkfz-heidelberg.de>


Hello,

I've checked with the rules below:

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

I'm still getting messages by mail:

[-] You may just need to add a default logging rule to the
    'filter' 'INPUT' chain on proton.edu.pl.  For more information,
    see the file "FW_HELP" in the psad sources directory or visit:

    http://www.cipherdyne.org/psad/docs/fwconfig.html

[-] You may just need to add a default logging rule to the
    'filter' 'INPUT' chain on proton.edu.pl.  For more information,
    see the file "FW_HELP" in the psad sources directory or visit:

    http://www.cipherdyne.org/psad/docs/fwconfig.html

[root@proton bryn1u]# psad --fw-analyze
[+] Parsing INPUT chain rules.
[+] Parsing INPUT chain rules.
[-] Errors found in firewall config.
    emailed to m.bry...@gmail.com
[+] Results in /var/log/psad/fw_check
[+] Exiting.
[root@proton bryn1u]#

Is everything really OK with psad?


2017-04-26 23:50 GMT+02:00 bryn1u85 . <m.bry...@gmail.com>:

> Hello,
>
> Thank you for your reply, but it still doesn't work :((
>
> [root@proton bryn1u]# psad --fw-list-auto
> [+] Listing chains from IPT_AUTO_CHAIN keywords...
>
> [root@proton bryn1u]# psad --fw-list
> [+] Listing chains from IPT_AUTO_CHAIN keywords...
>
> [root@proton bryn1u]#
>
> iptables -L shows only my policy. I have installed the iptables service, so my
> policies are kept there :D
>
> Could there be any reason why it doesn't want to work? I'm using it on
> CentOS 7, but I also tried on Debian 9, and the output from Debian is:
>
> root@Neutron:/home/bryn1u# psad --fw-list-auto
> [+] Listing chains from IPT_AUTO_CHAIN keywords...
>
> [-] Table: filter, chain: PSAD_BLOCK_INPUT, does not exist
> [-] Table: filter, chain: PSAD_BLOCK_OUTPUT, does not exist
> [-] Table: filter, chain: PSAD_BLOCK_FORWARD, does not exist
> root@Neutron:/home/bryn1u# psad --fw-list
> [+] Listing chains from IPT_AUTO_CHAIN keywords...
>
> [-] Table: filter, chain: PSAD_BLOCK_INPUT, does not exist
> [-] Table: filter, chain: PSAD_BLOCK_OUTPUT, does not exist
> [-] Table: filter, chain: PSAD_BLOCK_FORWARD, does not exist
> root@Neutron:/home/bryn1u#
>
>
> I have no idea what's wrong.
>
> regards,
>
> 2017-04-26 23:38 GMT+02:00 Reicht, Ignaz <i.rei...@dkfz-heidelberg.de>:
>
>> Hi Bryn1,
>>
>> your command:
>>
>> [root@proton firewall]# psad --fw-list
>>
>>
>> psad docu says (http://cipherdyne.org/psad/docs/manpages/psad.html):
>> "--fw-list-auto: List all rules in iptables chains that are used by
>> psad in auto-blocking mode."
>> your command "--fw-list" also lists chains that are used by psad in
>> auto-blocking mode.
>>
>> try this command:
>> sudo iptables -L
>>
>> But be aware that after each restart of your computer, iptables rules are reset
>> to default if you did not install any additional software to restore your
>> customised rules. (Using ufw is quite convenient in that way.)
>>
>>
>> cheers
>> Iggy
>>
>> On 26 Apr 2017, at 22:31, bryn1u85 . <m.bry...@gmail.com> wrote:
>>
>> Hello,
>>
>> I have bought and am studying a book on PSAD written by Michael R. A few
>> things have changed, like the iptables LOG policy.
>>
>> This is my iptables policy:
>>
>>
>> ### flush existing rules and set chain policy setting to DROP
>> echo "[+] Flushing existing iptables rules..."
>> $IPTABLES -F
>> $IPTABLES -F -t nat
>> $IPTABLES -X
>> $IPTABLES -P INPUT DROP
>> $IPTABLES -P OUTPUT ACCEPT
>> $IPTABLES -P FORWARD DROP
>>
>> ### this policy does not handle IPv6 traffic except to drop it.
>> #
>> echo "[+] Disabling IPv6 traffic..."
>> $IP6TABLES -P INPUT DROP
>> $IP6TABLES -P OUTPUT DROP
>> $IP6TABLES -P FORWARD DROP
>>
>> ### load connection-tracking modules
>> #
>> $MODPROBE ip_conntrack
>> $MODPROBE iptable_nat
>> $MODPROBE ip_conntrack_ftp
>> $MODPROBE ip_nat_ftp
>>
>> ###### INPUT chain ######
>> #
>> echo "[+] Setting up INPUT chain..."
>>
>> ### ipset countries block:
>> iptables -A INPUT -m set --match-set blockcountries src -j DROP
>>
>> #
>> $IPTABLES -A INPUT -m conntrack --ctstate INVALID -j DROP
>> $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>>
>> #$IPTABLES -A INPUT -p tcp --dport 20 -m conntrack --ctstate NEW -j ACCEPT
>> #$IPTABLES -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 43 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 113 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp -m multiport --dports 25,143,110,587,993,995 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 4444 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 5566 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 6666 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 6667 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 30033 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 10011 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p udp --dport 9987 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
>> $IPTABLES -A INPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
>>
>> #### PSAD:
>>
>> $IPTABLES -A INPUT -j LOG
>> $IPTABLES -A FORWARD -j LOG
>>
>> After that I don't see any chains in iptables, only the rules above.
>>
>> [root@proton firewall]# psad --fw-list
>> [+] Listing chains from IPT_AUTO_CHAIN keywords...
>>
>> [root@proton firewall]#
>>
>> They're empty :((
>>
>> What am I doing wrong?? I have found a few blogs describing psad, and
>> for others it works.
>>
>> Thank you,
>>
>>
>>
>>
>
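The condition that psad --fw-analyze reports above (no default LOG rule in the 'filter' 'INPUT' chain) can be checked from an `iptables-save` dump. This is an added example in Python, not psad's own code: it parses the filter table and reports, for INPUT and FORWARD, the chain policy, whether a `-j LOG` rule is present, and whether that rule is the last one (so it logs exactly what the DROP policy discards). The sample ruleset is constructed from the policy posted in this thread.

```python
"""Check iptables-save output for the default LOG rules psad looks for."""
import re

# Constructed sample in iptables-save format, modelled on the INPUT/FORWARD
# policy posted in this thread (not the poster's actual saved ruleset).
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j LOG
-A FORWARD -j LOG
COMMIT
"""

def parse_filter_table(text):
    """Return (chain -> policy, chain -> [rule lines]) for the filter table only."""
    policies, rules, table = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = policy
            rules.setdefault(name, [])
        elif table == "filter" and line.startswith("-A "):
            rules.setdefault(line.split()[1], []).append(line)
    return policies, rules

def check_default_logging(text, chains=("INPUT", "FORWARD")):
    """Report whether each chain has a LOG rule and whether it is positioned last."""
    policies, rules = parse_filter_table(text)
    report = {}
    for chain in chains:
        chain_rules = rules.get(chain, [])
        log_idx = [i for i, r in enumerate(chain_rules) if re.search(r"-j LOG\b", r)]
        report[chain] = {
            "policy": policies.get(chain),
            "has_log": bool(log_idx),
            # Last LOG rule in a DROP-policy chain logs exactly the packets the policy drops.
            "log_is_last": bool(log_idx) and log_idx[-1] == len(chain_rules) - 1,
        }
    return report
```

To check a live host, pass the output of `iptables-save` (as a string) to `check_default_logging` instead of the constructed sample.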
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss