README

$Id: README,v 1.1.1.1 2000/02/29 07:59:37 jeremy Exp $

*** IMPORTANT ***

Please note that each of the fwsummary scripts (ipfwadm, ipchains, and iptables) is slightly different, because each tool writes a different log format. If you use the wrong one for your firewall, you are going to get bad results or no results at all.

*** IMPORTANT ***

----------------------------------------------------------------------

What is fwsummary?

----------------------------------------------------------------------

fwsummary.pl is a log parser that looks for ip* firewall log messages (ipfwadm, ipchains, or iptables, depending on which script you use) and parses each one into time, src, src port, dest, dest port, and protocol. It reports to STDOUT unless given the --mail switch, in which case it mails the report to the $mailto address defined at the head of the file.

----------------------------------------------------------------------

Usage Notes

----------------------------------------------------------------------

If you only want a single day's log info, use the --daily switch. It can be used in conjunction with the --mail switch.

By itself, --daily gets yesterday's logs; using --today in conjunction with --daily gets you only today's summary. I've added this info to the usage information.
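As an added illustration, and not the fwsummary.pl source itself, here is a small Python parser that does the same job on iptables LOG lines tagged with the "Firewall:" prefix used in the iptables rule example later in this README, and then selects yesterday's or today's records the way --daily and --daily --today do. The log excerpt, host name, addresses and the fixed reference date are constructed for the example; only the kernel LOG field names (IN=, SRC=, DST=, PROTO=, SPT=, DPT=) are the real iptables format.

```python
"""Parse iptables LOG lines carrying a --log-prefix and summarize them per day.

Added example: mirrors what fwsummary.pl does for iptables, not the script's own code.
"""
import re
from collections import Counter
from datetime import date, timedelta

# Constructed sample syslog excerpt (not real traffic): five kernel LOG lines that carry the
# "Firewall:" prefix, plus one unrelated sshd line that the parser must skip.
SAMPLE_LOG = """\
Feb 28 23:58:01 gw kernel: Firewall:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4321 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 28 23:58:02 gw kernel: Firewall:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4322 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 28 23:59:30 gw kernel: Firewall:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4323 DF PROTO=TCP SPT=40114 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 29 00:01:10 gw kernel: Firewall:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=7 PROTO=UDP SPT=1029 DPT=137 LEN=58
Feb 29 00:02:45 gw kernel: Firewall:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=113 ID=8 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Feb 29 00:03:00 gw sshd[1234]: Accepted publickey for admin from 192.0.2.20 port 51000 ssh2
"""

# Fixed reference date so the example is reproducible (constructed; a real run would use date.today()).
TODAY = date(2000, 2, 29)
YESTERDAY = TODAY - timedelta(days=1)   # what --daily reports; --daily --today uses TODAY


def parse_line(line, prefix="Firewall:"):
    """Return a record dict for one tagged kernel LOG line, or None for anything else."""
    # syslog timestamp has no year: "Mon DD HH:MM:SS", then host, "kernel:", an optional
    # printk timestamp, the --log-prefix, and the KEY=VALUE fields starting at IN=
    pattern = (r"^(?P<day>[A-Z][a-z]{2}\s+\d{1,2}) (?P<clock>\d{2}:\d{2}:\d{2}) \S+ kernel: "
               r"(?:\[\s*\d+\.\d+\] )?" + re.escape(prefix) + r"\s*(?P<fields>IN=.*)$")
    m = re.match(pattern, line)
    if not m:
        return None
    # KEY=VALUE pairs; bare flags such as DF or SYN have no "=" and are ignored
    kv = dict(re.findall(r"(\w+)=(\S*)", m.group("fields")))
    return {
        "day": " ".join(m.group("day").split()),   # "Feb  9" and "Feb 9" both become "Feb 9"
        "time": m.group("clock"),
        "src": kv.get("SRC", "-"),
        "spt": kv.get("SPT", "-"),                 # ICMP has no ports, hence the "-" fallback
        "dst": kv.get("DST", "-"),
        "dpt": kv.get("DPT", "-"),
        "proto": kv.get("PROTO", "-"),
    }


def parse_log(text, prefix="Firewall:"):
    """Parse a whole log file's text, keeping only lines that carry the prefix."""
    return [r for r in (parse_line(l, prefix) for l in text.splitlines()) if r]


def day_label(d):
    """Syslog-style 'Mon D' label for a date, matching parse_line's normalized day."""
    return f"{d.strftime('%b')} {d.day}"


def for_day(records, d):
    """Select the records logged on calendar day d (the --daily / --today selection)."""
    label = day_label(d)
    return [r for r in records if r["day"] == label]


def summarize(records):
    """Count hits per (proto, src, dst, dpt), most frequent first."""
    counts = Counter((r["proto"], r["src"], r["dst"], r["dpt"]) for r in records)
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


def report(records, title):
    """Render the summary as the plain text that would go to STDOUT or into the mail."""
    lines = [f"{title}: {len(records)} firewall hit(s)", "count proto src             dst             dpt"]
    for (proto, src, dst, dpt), n in summarize(records):
        lines.append(f"{n:5d} {proto:5s} {src:15s} {dst:15s} {dpt}")
    return "\n".join(lines)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(report(for_day(recs, YESTERDAY), f"--daily ({day_label(YESTERDAY)})"))
    print()
    print(report(for_day(recs, TODAY), f"--daily --today ({day_label(TODAY)})"))
```

Because syslog timestamps carry no year, the day selection above matches on the month-and-day label only, which is also why a nightly run just before midnight (as the cron example below suggests) is the natural way to get one clean day per report.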


For best results, it should run out of cron just prior to midnight.


An example of the cron entry might look like this:

# Run the nightly firewall summary script
58 23 * * * root /usr/local/sbin/fwsummary.pl --mail --daily


--- Iptables fwsummary.pl note ---


The fwsummary.pl for iptables by default matches log lines on the keyword "Firewall". This gives a quick and dirty way to see what is getting caught in the firewall. Here's an example rule set for setting that up (assuming iptables-restore is at work here, so the lines are in its rule-file syntax):


# Declare the user-defined chain (iptables-restore syntax) so the "-j firewall" jumps below resolve
:firewall - [0:0]

# Drop it all!
-A INPUT -p tcp -m tcp -s 0/0 -d 0/0 -j firewall
-A INPUT -p udp -m udp -s 0/0 -d 0/0 -j firewall

# Mark those caught in the firewall and drop them
-A firewall -m limit --limit 120/min -j LOG --log-prefix "Firewall:"
-A firewall -j DROP


Now, of course, those won't be the only rules, but it's an example to work from if you so desire. If you aren't using iptables-restore, you'll just have to prefix each rule with the full path to iptables (or a variable holding it) in a shell script. There are plenty of good examples for this sort of thing out on the net, including from the master himself, Rusty.


----------------------------------------------------------------------

Changing the installation location

----------------------------------------------------------------------


To change where fwsummary.pl installs, change this line in the Makefile:

BINDIR=/usr/local/sbin

That's it. Simple, ain't it?


----------------------------------------------------------------------

Contacting the author

----------------------------------------------------------------------

Please report bugs, code changes, feature requests, ideas, etc., to jeremy(-@-)aoct(-).org. If you just like the software, I'd love to know that, too. Don't be shy. :)