0 votes
524 views 5 comments
by
Is there a way to specifically log a firewall hit, e.g. TCP 443 or HTTPS, on a RUTX11?

1 Answer

0 votes
by

Hello,

Yes, there is. The packets can be captured via the tcpdump tool, which is built into RutOS by default.

The command should look similar to this:

tcpdump tcp dst port 443 -w /etc/capture

Additionally, you can add more options that will allow capturing more specific packets.

by
Yes, that is tcpdump when a packet manages to get to the interface. What if it is blocked by a FW rule? It won't get to the interface.

Also, there is no clue to the rule that is blocking the traffic.

Tcpdump is a great tool but it's not the same as firewall logging.
by

In case the port is blocked, you will see only TCP packets with the SYN flag sent to the interface.

by
I understand that. But SYN will only show TCP. What about UDP etc?

Also, there is no indication of what FW rule is blocking. I really find it hard to believe that this product does not log FW rules??

Most cheap consumer routers do this so I don't understand why the RUTX11 would not?
by
Specific packets can be logged using "iptables" by adding matching firewall rules similar to this:

iptables -I INPUT -i eth1 -p udp --dport 80 -j LOG

The corresponding log entries are stored in the system log.
by
Your remarks regarding firewall logging implementation into the WebUI will be forwarded to the R&D department for consideration.
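
Following on from the iptables LOG comment above, an added example that is not part of the original thread or the vendor's documentation: giving each LOG rule a --log-prefix makes the system log name the rule that matched, and the function below tallies those entries per rule, protocol and destination port. The prefixes, the three rules and the sample log lines are constructed for illustration, and reading the log with logread assumes RutOS keeps OpenWrt's tool.

```shell
#!/bin/sh
# Hypothetical rules. LOG is a non-terminating target, so each rule must sit
# ahead of the DROP/REJECT rule it reports on; the prefix names the rule:
#   iptables -I INPUT -i eth1 -p tcp --dport 443 -j LOG --log-prefix "FW-DROP-HTTPS: "
#   iptables -I INPUT -i eth1 -p udp --dport 80  -j LOG --log-prefix "FW-DROP-UDP80: "
#   iptables -I INPUT -i eth1 -p icmp            -j LOG --log-prefix "FW-DROP-ICMP: "

# Constructed system log lines (documentation addresses), not real traffic.
sample_log() {
cat <<'EOF'
Mon Jan  1 10:00:01 2024 kern.warn kernel: [ 1234.567890] FW-DROP-HTTPS: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=60 TTL=52 ID=4242 DF PROTO=TCP SPT=51514 DPT=443 WINDOW=64240 SYN URGP=0
Mon Jan  1 10:00:03 2024 kern.warn kernel: [ 1236.101112] FW-DROP-HTTPS: IN=eth1 OUT= SRC=192.0.2.11 DST=198.51.100.1 LEN=60 TTL=49 ID=7 DF PROTO=TCP SPT=40222 DPT=443 WINDOW=29200 SYN URGP=0
Mon Jan  1 10:00:04 2024 daemon.info dnsmasq[2001]: read /etc/hosts - 4 addresses
Mon Jan  1 10:00:05 2024 kern.warn kernel: [ 1238.000001] FW-DROP-UDP80: IN=eth1 OUT= SRC=203.0.113.5 DST=198.51.100.1 LEN=32 TTL=60 ID=99 PROTO=UDP SPT=5353 DPT=80 LEN=12
Mon Jan  1 10:00:09 2024 kern.warn kernel: [ 1242.424242] FW-DROP-ICMP: IN=eth1 OUT= SRC=203.0.113.5 DST=198.51.100.1 LEN=84 TTL=60 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
EOF
}

# Reads syslog lines on stdin, prints "<hits> <rule prefix> <proto> <dport>",
# busiest rule first. Lines without an IN= field (not netfilter LOG) are skipped.
summarise_fw_log() {
  awk '
    {
      pfx = "(no-prefix)"; proto = "?"; dpt = "-"; seen = 0
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^IN=/ && !seen) {
          seen = 1
          # The word before IN= is the --log-prefix, unless it is the kernel
          # timestamp or the "kernel:" tag (rule logged without a prefix).
          if (i > 1 && $(i-1) !~ /\]$/ && $(i-1) != "kernel:") {
            pfx = $(i-1); sub(/:$/, "", pfx)
          }
        }
        else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        else if ($i ~ /^DPT=/)   dpt = substr($i, 5)   # absent for ICMP
      }
      if (seen) hits[pfx " " proto " " dpt]++
    }
    END { for (k in hits) print hits[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run on the sample; on the router: logread | summarise_fw_log
sample_log | summarise_fw_log
```

The parser expects prefixes without spaces, since it treats the single word before IN= as the rule name.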