
I suspect that iptables refuses some connection attempts I make on some ports. How can I view the log of connections refused by iptables?

I use iptables on Kubuntu 14.04 LTS x64.

sudo iptables -v -x -n -L outputs:

francky@francky-Aurora-R4:~$ sudo iptables -v -x -n -L
Chain INPUT (policy ACCEPT 1735891 packets, 225230318 bytes)
    pkts      bytes target     prot opt in     out     source               destination
 6368899 10355529368 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 3860995 packets, 5648955269 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain fail2ban-ssh (1 references)
    pkts      bytes target     prot opt in     out     source               destination
 6362396 10355135821 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

1 Answer

Connection blocking with iptables usually relies on fail2ban's ability to monitor log files and track failed authentication attempts. Fail2ban then supplies temporary rules to iptables for blocking connections to IP addresses associated with failed authentication attempts. The number of times and failed connection attempts are configurable, but my point is basically that while you could have iptables start logging to a file, it makes more sense to either check the log files fail2ban monitors directly, or ask iptables to display a list of current rules (since this will include temporarily blocked IP addresses and which rule they were associated with).

TL;DR try sudo iptables -S to list the current status. If any IP addresses are currently being blocked, you'll see them there instantly.

This DigitalOcean 'iptables basics' article is a helpful place to start learning more about essential commands.

Tom Brossman
  • 13,297
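As an added example (not part of the answer above or of the iptables or fail2ban projects), the script below shows what "have iptables start logging" looks like in practice and how to read the result. It assumes a LOG rule was inserted ahead of the DROP/REJECT rule with a recognizable prefix (the rule is shown in a comment, not executed), so the kernel writes one line per refused packet to /var/log/kern.log on a 14.04 system (also visible via dmesg). The log lines embedded in the script are constructed for the example; the functions parse the SRC, PROTO and DPT fields from such lines and summarize which sources were refused on which ports. Note that in the question's own output, INPUT's policy is ACCEPT and the fail2ban-ssh chain contains only a RETURN rule, so no address was banned at the moment that listing was taken.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed logging rule (run once, as root; not executed by this script):
#   iptables -I INPUT -p tcp --dport 22 -j LOG --log-prefix "iptables-denied: " --log-level 4
# placed before the rule that drops or rejects, so every refused packet is
# logged first. With rsyslog's defaults on Ubuntu 14.04 the lines land in
# /var/log/kern.log; "dmesg" shows the same kernel ring-buffer messages.

# Constructed sample of /var/log/kern.log: four LOG-target lines plus one
# unrelated sshd line that the parser must ignore.
SAMPLE_LOG='Mar  3 10:12:01 host kernel: [12345.678901] iptables-denied: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:12:03 host kernel: [12347.112233] iptables-denied: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:12:09 host kernel: [12353.445566] iptables-denied: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=40001 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:12:10 host kernel: [12354.000000] iptables-denied: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=40002 DPT=53 LEN=32
Mar  3 10:12:11 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2'

# summarize_denied: read log text on stdin, keep only lines carrying the LOG
# prefix, extract SRC/PROTO/DPT, and print "count SRC PROTO DPT" with the
# most frequent combination first.
summarize_denied() {
    grep 'iptables-denied: ' | awk '{
        src = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src   = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        if (src != "") print src, proto, dpt
    }' | sort | uniq -c | sort -rn
}

# count_denied_from IP: number of refused packets logged from one source.
# Uses index() rather than a regex so the dots in the IP are literal.
count_denied_from() {
    awk -v ip="$1" '
        /iptables-denied: / && index($0, "SRC=" ip " ") > 0 { n++ }
        END { print n + 0 }'
}

# Stand-alone usage: summarize the sample, or a real file if one is given
# ("sudo sh thisscript.sh /var/log/kern.log").
if [ -n "$1" ] && [ -r "$1" ]; then
    summarize_denied < "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | summarize_denied
fi
```

On the sample this prints 203.0.113.7 refused twice on TCP/22 and 198.51.100.23 once each on TCP/8080 and UDP/53; the sshd line is skipped because it lacks the prefix. A prefix that is unique to your rule set is what makes the grep reliable, and because LOG is a non-terminating target, logging only happens for packets that actually reach that rule, so it must sit above the DROP or REJECT it is meant to report on.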