The more I research, the more confused I get. I am hoping someone will give me some direction.
I would like to set up a machine to do the following:
Flush all tables
Zero the packet and byte counters
Log each in, out, or transfer
Drop each in, out, or transfer
This should effectively kill ALL internet transactions, http, ftp, etc…
Please do not tell me to turn off the router. There are others plugged into the router. The specifications are to do the above only.
Part of my concern is that openSUSE does it two ways: YaST and iptables. It appears that YaST will not do this completely. Then, how would iptables-restore < file.txt be set up? Where would it be placed so that it does it on each boot?
I'm not sure what you're trying to achieve here, but I assume it is for learning? Anyway, taking you literally here: you want to drop (block) all traffic completely. You can do this on the fly with something like
But,
If you start with your last requirement (completely closed, deny all), that is how iptables is supposed to be by default except for localhost (or you can write an explicit rule that denies all)… And if that is the case, then you can disregard practically all you are asking about, i.e. flushing, zeroing of counters, transfers, logging of packets, etc.
If you want to monitor activity on your network interface, there are very, very many ways to do that. Googling something like "iptables monitoring" returns a multitude of hits; on the first page alone you should see at least 5 good hits, and within those articles there can be many tools.
The iptables examples here are excellent! And the 2/minute addition is even better. Thanks!
Another question,
Suppose there is a script on the LAN called lockdown. Most of the time lockdown is empty and does nothing.
But, if there is an emergency declared, lockdown gets replaced with a script that has the above iptables commands to log and drop all. And everyone reboots.
So, certain computers would be set up to run lockdown at boot. Some computers would be ok to boot and connect, such as security computers used to monitor. Also, the computer room is locked, so it is not practical to just start pulling cables.
In which of the several openSUSE boot scripts would it be appropriate to add the command that runs the lockdown script?
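An added example of the log-and-drop ruleset the reply above talks about (with the rate-limited logging the thanks refers to), together with a boot-time wrapper for the lockdown idea in this post. This is not code from the thread or from openSUSE: the file path /etc/lockdown.rules, the function names and the log prefixes are this example's own choices, and it keeps loopback open, which is the "except for localhost" the reply mentions. The ruleset is written in the format iptables-save produces, so it is exactly what iptables-restore < file expects: loading it replaces (flushes) the filter table, and the [0:0] after each chain policy zeroes the packet and byte counters, which covers the first two items of the original list.

```shell
#!/bin/sh
# Added example, not code from the thread or from openSUSE. Builds a
# "log everything, then drop everything" ruleset in iptables-restore format
# and applies it at boot only if a shared lockdown file has been populated.
# The path, function names and log prefixes are this example's own choices.

# Assumed location of the lockdown ruleset; normally empty, replaced in an emergency.
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/etc/lockdown.rules}"

# Print the ruleset. $1 = log rate limit (default 2/minute), $2 = burst (default 5).
# Loopback stays open so local services keep working; everything else on INPUT,
# OUTPUT and FORWARD is logged (rate-limited so the log is not flooded), then dropped.
gen_lockdown_rules() {
    rate="${1:-2/minute}"
    burst="${2:-5}"
    cat <<EOF
# Lockdown ruleset in iptables-save/iptables-restore format.
# Chain policies are DROP; the [0:0] resets the packet/byte counters on load,
# and iptables-restore replaces (flushes) the table unless run with --noflush.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m limit --limit $rate --limit-burst $burst -j LOG --log-prefix "LOCKDOWN IN: "
-A FORWARD -m limit --limit $rate --limit-burst $burst -j LOG --log-prefix "LOCKDOWN FWD: "
-A OUTPUT -m limit --limit $rate --limit-burst $burst -j LOG --log-prefix "LOCKDOWN OUT: "
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -j DROP
COMMIT
EOF
}

# True when the lockdown file exists, is non-empty and looks like a ruleset
# (has a COMMIT line), so a truncated or stray file is ignored instead of applied.
lockdown_requested() {
    f="${1:-$LOCKDOWN_FILE}"
    [ -s "$f" ] && grep -q '^COMMIT$' "$f"
}

# Boot-time hook: apply the shared ruleset if one has been published, otherwise
# leave the firewall alone. Needs root only when it actually applies rules.
apply_lockdown_at_boot() {
    f="${1:-$LOCKDOWN_FILE}"
    if ! lockdown_requested "$f"; then
        echo "lockdown: no ruleset in $f, firewall unchanged"
        return 0
    fi
    if iptables-restore < "$f"; then
        echo "lockdown: applied $f"
        return 0
    fi
    echo "lockdown: failed to apply $f" >&2
    return 1
}

# Usage from a boot script, as root:
#   . /path/to/lockdown.sh && apply_lockdown_at_boot
# To declare the emergency:   gen_lockdown_rules > /etc/lockdown.rules
# To lift it: empty the file again (: > /etc/lockdown.rules) and restore
# the normal ruleset on each machine.
```

Install the wrapper only on the machines that are meant to lock down; the monitoring machines simply never run it. Whichever boot script ends up calling apply_lockdown_at_boot, it has to run as root, and it does not need to wait for the network, since iptables rules do not depend on an interface being up. Two caveats: with OUTPUT at DROP the machine also loses DNS, NTP and any outbound management traffic, and with the default 2/minute limit only the first five dropped packets and then two per minute reach the log, so the log shows that traffic is being blocked rather than listing every packet.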