The most common reason ospatrol does not see your iptables logs is that iptables
was not configured to log. By default, iptables will NOT log anything.

There are good documents online on how to configure iptables, but for ospatrol to understand
the logs, you need to set the ``--log-prefix`` option in addition to the ``LOG`` action.

For accept rules, the following action (with prefix) should be set:

.. code-block:: console

    -j LOG --log-prefix="ACCEPT "

They will generate the following log (or similar):

.. code-block:: console

    Jan 11 20:44:49 hostname kernel: [89463.101343] ACCEPT IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=33772 DF PROTO=TCP SPT=43961 DPT=81 WINDOW=32767 RES=0x00 SYN URGP=0

For deny rules, the following action should be set:

.. code-block:: console

    -j LOG --log-prefix="DROP "

They will generate the following log (or similar):

.. code-block:: console

    Jan 11 20:44:49 xxx kernel: [89463.101343] DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=33772 DF PROTO=TCP SPT=43961 DPT=81 WINDOW=32767 RES=0x00 SYN URGP=0

Note that ospatrol will base its action on the "DROP" or "ALLOW" that you configured. For more information about iptables logging, take a look here.
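
A quick way to check a ruleset against the prefixes described above, as an added example that is not part of the ospatrol documentation or code. It assumes the rules are in ``iptables-save`` text format; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not from a real host).
# LOG does not end rule traversal, so each LOG rule precedes the real verdict.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "ACCEPT "
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j LOG
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A INPUT -p udp -j LOG --log-prefix "fw-denied: "
-A INPUT -p udp -j DROP
-A INPUT -j LOG --log-prefix "DROP "
-A INPUT -j DROP
COMMIT'

# audit_log_rules (hypothetical helper): read rules on stdin and print
# "<status><TAB><rule>" for every rule that jumps to the LOG target.
#   OK          prefix is exactly "ACCEPT " or "DROP " (trailing space included)
#   NO_PREFIX   LOG target without --log-prefix
#   BAD_PREFIX  a prefix is set, but it is not one of the two above
audit_log_rules() {
    awk '
    /^-A / && / -j LOG( |$)/ {
        if (match($0, /--log-prefix[ =]("[^"]*"|[^ "]+)/)) {
            p = substr($0, RSTART, RLENGTH)
            sub(/^--log-prefix[ =]/, "", p)   # keep only the value
            gsub(/^"|"$/, "", p)              # drop surrounding quotes
            status = (p == "ACCEPT " || p == "DROP ") ? "OK" : "BAD_PREFIX"
        } else {
            status = "NO_PREFIX"
        }
        printf "%s\t%s\n", status, $0
    }'
}

# count_status STATUS (hypothetical helper): count findings with that status
# among the rules read from stdin.
count_status() {
    audit_log_rules | awk -F'\t' -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Report on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_log_rules
```

On a live host the same function can read the output of ``iptables-save`` instead of the sample. A prefix without its trailing space is reported as ``BAD_PREFIX`` because it would run into the ``IN=`` field of the log line.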