Continuing the discussion from Nethserver BDC and packet monitor:
NethServer Version: 7.3
Module: firewall
Is there any way to monitor packets blocked by the firewall / proxy by web console (only those blocked)?
I use logwatch. One of the sections it produces every night is this:
--------------------- iptables firewall Begin ------------------------
Listed by source hosts:
Dropped 2547 packets on interface eno1
From 1.34.119.51 - 1 packet to tcp(23)
From 1.34.180.90 - 1 packet to tcp(23)
From 1.34.254.153 - 1 packet to tcp(23)
From 1.84.90.197 - 1 packet to tcp(1433)
From 1.85.4.102 - 1 packet to tcp(1433)
-- snip -- -- snip -- -- snip --
From 223.244.226.186 - 1 packet to tcp(23)
From 223.244.226.215 - 1 packet to tcp(23)
From 223.244.234.123 - 1 packet to tcp(23)
Listed by source hosts:
Rejected 19 packets on interface br0
From 192.168.0.2 - 2 packets to udp(5351)
From 192.168.0.56 - 3 packets to udp(34617)
From 192.168.0.64 - 14 packets to udp(34617,40496,60839)
---------------------- iptables firewall End -------------------------
Cheers.