iptables or default Linux firewall doesn’t have logs (dropped, rejected, …) enabled by default (also in DSM).
If you want to use the iptables logging feature, you need to be sure of what you are doing. Otherwise, you can block your entire system - it's a powerful firewall.
Because you are asking such a question, it is more likely that you do not understand this domain. I'm not writing this to embarrass you. In this domain it is difficult to understand what you will find in these logs at all. Then there is another point of view - if such logs are improperly enabled, you can overwhelm your CPU. Be careful.
First:
default location for enabled iptables logs is: /var/log/messages
you can test that you can't find these logs there:
Bash:
cat /var/log/messages | grep "ipt denied:"
You can understand how iptables works. Start here:
A Computer Science portal for geeks. It contains well written, well thought and well explained computer science and programming articles, quizzes and practice/competitive programming/company interview Questions.
www.geeksforgeeks.org
or here:
Iptables is a powerful firewall tool for Linux. Read our Iptables tutorial and learn everything you need to know to secure your server.
www.hostinger.com
And if you still want to look at how to make logs, this will help you:
This article is part of our ongoing Linux IPTables series of articles. When things are not working as expected with your IPTables rules, you might want to log the IPTables dropped packets for troubleshooting purpose. This article explains how to log both incoming and outgoing dropped firewal...
www.thegeekstuff.com
In any case (my approach):
you can mount DSM /var/log to your computer to be more flexible
A few recommendations:
1. MANDATORY - make a backup of the existing iptables:
Bash:
iptables-save > <path to your backup>
2. always test only one rule with logging
3. gradually add other log rules (or remove unnecessary ones)
4. at any time you can restore the backup of the iptables:
Bash:
iptables-restore < <path to your backup>
Here is a better option to start with:
Deployed and tested NtopNG container First touch feelings: 1. running w/o a significant impact on NAS host (it was my worries) 2. Useful to fast preview of the network status before you will use Wireshark 3. you can create pools for a clustered preview or exact host interface flow check 4...
www.synoforum.com
I am looking for a (Synology-based) tool (package?) that would allow me to precisely monitor in- and outgoing network traffic from and to the NAS. I would, for instance, like to know how much traffic is going in and out right now for the individual packages installed. Do you know of any such...
www.synoforum.com
For forensic search purposes, it is more appropriate to use tcpdump, whose output you can also save in real time to a defined file, which you can have mapped to Wireshark on your computer. Of course, you will only see the current status.
More about NAS security (related) you can find here:
I spent the day tightening security up significantly. Thank you for raising these red flags for those of us that struggle with all these settings.
www.synoforum.com
about Docker containers security (related) here:
I'm asking this question on behalf of someone from another (Dutch) forum. Anyone seen this before and have any idea what is causing this? User is only running this container, and this disk activity only seems to hapen when this container is started: GitHub - qdm12/gluetun: VPN client in a...
www.synoforum.com
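Added example, not part of the original post: the backup, single-rule and restore recommendations above as shell functions, with a rate limit on the LOG rule to address the CPU concern, plus a summary of the logged lines by source address and destination port. The backup path, the rate values and the sample log lines are assumptions constructed for illustration; the `ipt denied:` prefix is the string the post greps for.

```bash
#!/bin/sh
# Added example, not from the original post. Paths and limits are assumptions.
BACKUP="${BACKUP:-/tmp/iptables.backup}"  # hypothetical backup path
PREFIX="ipt denied: "                     # string the post greps for

# Recommendations 1-2: back up first, then add ONE rate-limited LOG rule.
# Needs root. Appended last, so it only sees packets that no earlier rule
# accepted or dropped. LOG does not decide the packet's fate by itself.
# Assumes the "limit" match and LOG target are available on the system.
add_one_log_rule() {
    iptables-save > "$BACKUP" || return 1
    iptables -A INPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "$PREFIX" --log-level 4
}

# Recommendation 4: roll back to the saved ruleset (needs root).
restore_backup() {
    iptables-restore < "$BACKUP"
}

# Reads syslog lines on stdin; prints "count SRC DPT", busiest first.
summarize_denied() {
    grep -F "$PREFIX" | awk '{
        src = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        n[src " " dpt]++
    } END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Constructed sample lines in the kernel LOG format (documentation addresses).
sample_log() {
    cat <<'EOF'
Jan 10 10:00:01 nas kernel: ipt denied: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.2 PROTO=TCP SPT=40000 DPT=22
Jan 10 10:00:05 nas kernel: ipt denied: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.2 PROTO=TCP SPT=40001 DPT=22
Jan 10 10:00:09 nas kernel: ipt denied: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.2 PROTO=UDP SPT=5353 DPT=161
Jan 10 10:00:12 nas sshd[123]: unrelated line without the prefix
EOF
}

# Offline demo; on the NAS use: summarize_denied < /var/log/messages
sample_log | summarize_denied
```

Only `summarize_denied` runs in the demo; `add_one_log_rule` and `restore_backup` change the live ruleset and are meant to be called by hand, one at a time.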