[syslog-ng] iptables and syslog-ng
Faine, Mark R. (MSFC-IS40)[NICS]
mark.faine at nasa.gov
Thu Aug 13 17:40:14 UTC 2020
I'm sure there is probably an existing canonical set of rules to allow syslog-ng traffic through iptables but I can't find it. I'm sorry, since I know this is probably a common question. I've been trying to get it to work but I seem to be missing something. This is what I have:
iptables -A INPUT -i em3 -p udp --dport 514 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o em3 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 514 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 10514 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o em1 -p tcp --sport 514 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o em1 -p tcp --sport 10514 -m state --state ESTABLISHED -j ACCEPT
We receive logs on udp 514 and tcp 10514 and we forward all of these logs to another remote server on the same ports. I've not seen any evidence of it but I've been told that we may also receive logs on tcp 514.
I appreciate any assistance. We usually rely on hardware firewalls but new security guidelines are also requiring software firewalls be configured.
Thanks,
-Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200813/4a703e01/attachment-0001.html>
More information about the syslog-ng
mailing list