I'd like to allow mail through iptables with a DROP policy, but this script doesn't work. What is wrong here:
## Flush rules
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
## policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# localhost
iptables -A INPUT -i lo -j ACCEPT
# Allow my ip
iptables -A INPUT -s MY_IP -j ACCEPT
# 80 port
iptables -A I
I have these drop rules:
iptables -t mangle -P FORWARD DROP
iptables -P FORWARD DROP
iptables -t mangle -P INPUT DROP
iptables -P INPUT DROP
iptables -t mangle -P OUTPUT DROP
iptables -t nat -P OUTPUT DROP
iptables -P OUTPUT DROP
iptables -t nat -P PREROUTING DROP
iptables -t mangle -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -t mangl
Current setup
CentOS, which is a Web, Mail (Postfix, Dovecot), FTP server and gateway with a public IP and a private IP (for the LAN gateway).
We are planning to implement an external firewall box and bring the server into the LAN.
Please guide on configuring IPTables...
I am using ipset in conjunction with iptables to create a list of IPs I want to block. I did this:
ipset -N blocking iphash
ipset -A blocking 124.205.11.230
// and repeated this line for all IPs I want to add to "blocking" list
Now I have to add this rule to iptables.
If I do this:
iptables -A INPUT -m set --set blocking src -j DROP
the IPs will be blocked for everything: SSH, FTP, etc.
I need to set up iptables rules for a server with nginx, ssh and sendmail.
Now, the problem is, with my rules I can not send emails to other hosts anymore.
Emails to localhost do work, but sending to different servers does not when the firewall is up.
I tried opening both incoming and outgoing port 25 and the DNS lookup ports, but nothing worked.
Any ideas?
Update:
Here are my rules:
#!
I am setting up a new squid daemon to run on my server. I want to make sure that everyone inside my network can access squid but I want to make sure everyone on the internet is blocked.
Hi
I'm having some problems with my VPS running Ubuntu Server 11.04 x64.
In my office everyone is using Facebook and some other sites that we don't want them to. From the server PC, I used to share my net through the /etc/rc.local file.
I'd like to mention that I'm really new to this, so please bear with me. I'm trying to set up forum software to send emails via Postfix, but I think my server has port 25 blocked.