force iptables to log into own logfile

Posted on 1. Mai 2013 by Hödlmoser

as Andrea described there is an easy way to force iptables to log into its own logfile. I’d like to sum it up in this post.

you need to change all your log-prefixes to have a unique keyword, e.g. netfilter as I do in the following example.

iptables -A INPUT -j LOG --log-prefix "netfilter in: "

afterwards just add some filter conditions for rsyslogd. place a file called 10-iptables.conf into /etc/rsyslog.d/ with the following content.

:msg, contains, "netfilter"	/var/log/iptables.log
:msg, contains, "netfilter"	~

both lines match on every log message containing netfilter, but first line writes it to /var/log/iptables.log and second line drops it to avoid further processing.

a good idea will be to enable logrotating that you’ll not got fucked up by a full /var-filesystem. just copy paste rsyslogs logrotating config. place a file called iptables into /etc/logrotate.d/ with the following content.

/var/log/iptables.log
{
	rotate 4
	weekly
	missingok
	notifempty
	compress
	delaycompress
	sharedscripts
	postrotate
		invoke-rc.d rsyslog rotate > /dev/null
	endscript
}

Sidebar Support for the Twenty Eleven Theme

Posted on 7. April 2013 by Hödlmoser

due to one of my “customers” needs the WordPress Theme Twenty Eleven with Sidebar enabled I found the following solution, which is mainly based on the articel of Chris Aprea.

the recommended method of making changes to a WordPress Theme is by creating a child theme.

Continue reading →

IPv6 enabled OpenVPN

Posted on 9. März 2013 by Hödlmoser

if your OpenVPN is already connecting two or more IPv4 LANs its very easy to add IPv6.

just have a look on IPv6 Payload Patch for OpenVPN 2.1 and 2.2 for the new options.

get your own ULA at sixxs.net for the internal IPs of the OpenVPN server and client.

Continue reading →

SSL, TLS, HTTPS with StartSSL on Apache, Dovecot and Exim

Posted on 7. August 2012 by Hödlmoser

just some quick and dirty notes for myself on setting up SSL, TLS, HTTPS, … with StartSSL.

pre-requisites

get a cert as described in heise articel SSL für lau (english version: SSL for free).

Continue reading →

Monitoring OpenLDAP

Posted on 20. Juli 2012 by Hödlmoser

due to OpenLDAP went for on-line configuration (OLC) its not that easy to enable Monitoring.

Monitoring in this context here means to at least be able to run a Munin plugin to get nice graphs for OpenLDAP as I do here.

Continue reading →

Authentication via LDAP

Posted on 20. Juli 2012 by Hödlmoser

just a quick and dirty guide how to setup LDAP and Authentication via LDAP on Debian Wheezy boxes.

Continue reading →

autofahrer – die deppen der nation?

Posted on 29. Mai 2012 by Hödlmoser

Bild: Petra Bork / aboutpixel.de

angeregt durch einen programmhinweis auf das nächste “ORF-Bürgerforum” hab ich mich mit meiner mobilität und den daraus entstehenden kosten auseinandergesetzt und bereits in einem kommentar zu einem meiner artikel auf Google+ wiedergegeben.

Continue reading →

build your own basic Raspberry Pi Debian image

Posted on 19. Mai 2012 by Hödlmoser

Seems that I’m one of these lucky guys already received their Raspberry Pi. I ordered it from RS on the 5th and got it on the 10th of May. Posted my unboxing on Google+.

But which distribution should I install? There are many on the downloads page. First choice was the Debian image, because I’m a Debian fanboy! Impressive, but its not Wheezy.

Continue reading →

unterwegs mit der westbahn

Posted on 11. Dezember 2011 by Hödlmoser

am 11. 12. 2011 war das erste mal die westbahn unterwegs. ich war natürlich dabei.

Continue reading →

Hödlmosers' Hard- and SoftwareCuisine

just another hackers site

force iptables to log into own logfile

Sidebar Support for the Twenty Eleven Theme

IPv6 enabled OpenVPN

SSL, TLS, HTTPS with StartSSL on Apache, Dovecot and Exim

pre-requisites

Monitoring OpenLDAP

Authentication via LDAP

autofahrer – die deppen der nation?

build your own basic Raspberry Pi Debian image

unterwegs mit der westbahn