
I always use public WiFi in my college. Hence I thought of setting up a firewall. It was not as easy as I thought. My current setup is that all incoming connections are blocked except ssh. Is there a way by which I can configure Ubuntu to give me notifications whenever a new connection is made/attempted, both IN/OUT?

The idea is that I need to be informed in real time about this, ideally via notify-send. Then I should be able to suppress some notifications, which are redundant. Is it possible to do this?

daltonfury42
  • 5,559

2 Answers


You could monitor the output of netstat. The flags -tpan allow viewing which program uses which port. In theory you could write a simple script that constantly checks the number of those connections with grep, and if the number of connections has changed, you could get a notification. Note that sshd won't be shown unless you run that command with sudo, so the script would probably need to be run with sudo as well. I doubt notify-send would allow listing a large amount of connections, but you could use zenity and its list dialog.

Another way, though only for incoming connections, is to monitor the who command. Since you're blocking all connections except ssh, you're probably more concerned with who's logging in to your machine. You could use watch -n5 -d who, where -n is the interval for repeating the command in seconds, and -d is the flag to highlight differences between the previous and current result of the command.

A.B.
  • 92,125
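A script along the lines this answer describes, as an added example that is not part of the original answer: it polls netstat -tpan, diffs each snapshot against the previous one, and sends one notify-send per new connection, dropping anything that matches an ignore list. The function names, the IGNORE and INTERVAL variables and the --watch flag are my own choices.

```shell
#!/bin/sh
# Added example (not from the original answers): poll `netstat -tpan`,
# diff each snapshot against the previous one and raise one notify-send
# per new connection, skipping lines that match an ignore list.
# Assumes net-tools (netstat) and libnotify-bin (notify-send) are installed.

# One "proto local remote state pid/program" line per connection.
# sshd and other listening sockets only show up when run with sudo.
snapshot() {
    netstat -tpan 2>/dev/null | awk 'NR > 2 { print $1, $4, $5, $6, $7 }' | sort -u
}

# Print the lines of snapshot $2 that were not present in snapshot $1.
new_connections() {
    old_f=$(mktemp); new_f=$(mktemp)
    printf '%s\n' "$1" | sed '/^$/d' | sort -u > "$old_f"
    printf '%s\n' "$2" | sed '/^$/d' | sort -u > "$new_f"
    comm -13 "$old_f" "$new_f"
    rm -f "$old_f" "$new_f"
}

# Drop stdin lines matching any extended regex in $1 (one pattern per line),
# e.g. '127\.0\.0\.1' for loopback or 'ESTABLISHED .*/firefox' for a browser.
# grep exits 1 when every line is dropped, so that status is swallowed.
filter_ignored() {
    pats=$(mktemp)
    printf '%s\n' "$1" | sed '/^$/d' > "$pats"
    if [ -s "$pats" ]; then grep -v -E -f "$pats" || true; else cat; fi
    rm -f "$pats"
}

# One notification per line; fall back to stdout when there is no desktop.
notify_new() {
    while IFS= read -r line; do
        notify-send "New connection" "$line" 2>/dev/null || echo "New connection: $line"
    done
}

# Poll every INTERVAL seconds (default 5); IGNORE holds the ignore patterns.
watch_loop() {
    prev=""
    while :; do
        cur=$(snapshot)
        new_connections "$prev" "$cur" | filter_ignored "${IGNORE:-}" | notify_new
        prev=$cur
        sleep "${INTERVAL:-5}"
    done
}

if [ "${1:-}" = "--watch" ]; then watch_loop; fi
```

Run it as sudo sh connwatch.sh --watch (file name assumed) so that sshd's sockets are visible, and put one extended regex per line in IGNORE to suppress the notifications you consider redundant.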

You could, but it would be a bad idea: your notify system will be overwhelmed by the constant sniffing/probing from the Internet and your outgoing connections …

If you still want to move ahead, I would:

First move the iptables log to its own file

and then open a terminal window and do a:

tail --follow /var/log/iptables.log

and then you'll understand why having a notify isn't really practical …

Fabby
  • 35,017