0 votes
927 views 5 comments
by
Is there a way to specifically log a firewall hit, e.g. TCP 443 or HTTPS, on a RUTX11?

1 Answer

0 votes
by anonymous

Hello,

Yes, there is. The packets can be captured via the tcpdump tool, which is implemented in RutOS by default.

The command should look similar to this: tcpdump tcp dst port 443 -w /etc/capture

Additionally, you can add more options that will allow capturing more specific packets.

by
Yes, that is tcpdump when a packet manages to get to the interface. What if it is blocked by a FW rule? It won't get to the interface.

Also, there is no clue to the rule that is blocking the traffic.

Tcpdump is a great tool but it's not the same as firewall logging.
by anonymous

In case the port is blocked, you will see only TCP packets with the SYN flag sent to the interface.

by
I understand that. But SYN will only show TCP. What about UDP etc?

Also, there is no indication of what FW rule is blocking. I really find it hard to believe that this product does not log FW rules??

Most cheap consumer routers do this so I don't understand why the RUTX11 would not?
by anonymous
Specific packets can be logged using "iptables" by adding matching firewall rules similar to this:

iptables -I INPUT -i eth1 -p udp --dport 80 -j LOG

The corresponding log entries are stored in the system log.
by anonymous
Your remarks regarding firewall logging implementation into the WebUI will be forwarded to the R&D department for consideration.
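
The iptables LOG rule suggested in the comments above can also show which rule was hit if each LOG rule carries its own --log-prefix. The following is an added example, not part of the original thread: it summarizes tagged hits from the system log. The prefixes, sample log lines and function names are constructed for illustration, and logread is assumed to be available as on other OpenWrt-based systems.

```shell
#!/bin/sh
# Rules that tag each hit (shown as comments: they need root on the router).
#   iptables -I INPUT -i eth1 -p tcp --dport 443 -m limit --limit 5/min \
#            -j LOG --log-prefix "FWLOG-in-tcp443: "
#   iptables -I INPUT -i eth1 -p udp --dport 80 -m limit --limit 5/min \
#            -j LOG --log-prefix "FWLOG-in-udp80: "
# LOG is non-terminating: the packet continues to the ACCEPT/DROP rule that
# follows, so the prefix identifies the LOG rule that matched, not the verdict.

# Constructed, abridged sample in the kernel LOG line format
# (addresses are documentation ranges).
sample_log() {
cat <<'EOF'
Tue Jan  9 10:15:01 2024 kern.warn kernel: [ 1201.10] FWLOG-in-tcp443: IN=eth1 OUT= SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=443 SYN URGP=0
Tue Jan  9 10:15:02 2024 kern.warn kernel: [ 1202.10] FWLOG-in-tcp443: IN=eth1 OUT= SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=443 SYN URGP=0
Tue Jan  9 10:15:07 2024 daemon.info dnsmasq[1999]: read /etc/hosts - 4 addresses
Tue Jan  9 10:15:09 2024 kern.warn kernel: [ 1209.40] FWLOG-in-udp80: IN=eth1 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TTL=49 PROTO=UDP SPT=40000 DPT=80 LEN=20
EOF
}

# Read syslog lines on stdin; print "count prefix proto dport src" per
# distinct hit, most frequent first. $1 = prefix tag to match (default FWLOG-).
summarize_fw_hits() {
    awk -v tag="${1:-FWLOG-}" '
    {
        prefix = ""; src = ""; proto = ""; dpt = "-"   # "-" for ICMP etc.
        for (i = 1; i <= NF; i++) {
            if (index($i, tag) == 1) { prefix = $i; sub(/:$/, "", prefix) }
            else if ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        # Lines without our prefix (other daemons, other kernel messages) are skipped.
        if (prefix != "" && proto != "") count[prefix " " proto " " dpt " " src]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# On the router this would be: logread | summarize_fw_hits
sample_log | summarize_fw_hits
```

Because LOG does not end rule traversal, the LOG rule has to sit ahead of the rule that drops or rejects the traffic, otherwise the packet never reaches it.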