Objective
Test our ability to manipulate the firewall (iptables) so that network traffic is secured and limited as desired.
Prerequisite: Completion of Checkpoint 3
Scenario 0 – The client can connect to all services listed in the assignment specification and ONLY services listed in the assignment specification
#!/bin/bash
# Flush the filter table, then delete the (now empty) user-defined chains so the
# -N commands below also succeed when the script is re-run
iptables -F
iptables -X
# Set the default policy to DROP: anything not matched by a rule below is dropped
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Create the logging chains. Each chain logs every packet it sees (not only new
# connections) and then applies its verdict. The prefix has no trailing space, so it
# appears fused to the IN= field in the log (see the sample output below).
iptables -N INPUT-ACCEPT
iptables -N INPUT-DROP
iptables -N OUTPUT-ACCEPT
iptables -N OUTPUT-DROP
iptables -N FORWARD-ACCEPT
iptables -N FORWARD-DROP
# Rules for INPUT-ACCEPT chain
iptables -A INPUT-ACCEPT -j LOG --log-prefix "INPUT-ACCEPTED"
iptables -A INPUT-ACCEPT -j ACCEPT
# Rules for INPUT-DROP chain
iptables -A INPUT-DROP -j LOG --log-prefix "INPUT-DROPPED"
iptables -A INPUT-DROP -j DROP
# Rules for OUTPUT-ACCEPT chain
iptables -A OUTPUT-ACCEPT -j LOG --log-prefix "OUTPUT-ACCEPTED"
iptables -A OUTPUT-ACCEPT -j ACCEPT
# Rules for OUTPUT-DROP chain
iptables -A OUTPUT-DROP -j LOG --log-prefix "OUTPUT-DROPPED"
iptables -A OUTPUT-DROP -j DROP
# Rules for FORWARD-ACCEPT chain
iptables -A FORWARD-ACCEPT -j LOG --log-prefix "FORWARD-ACCEPTED"
iptables -A FORWARD-ACCEPT -j ACCEPT
# Rules for FORWARD-DROP chain
iptables -A FORWARD-DROP -j LOG --log-prefix "FORWARD-DROPPED"
iptables -A FORWARD-DROP -j DROP
# SSH/SCP to Router (port 2323): handled in INPUT/OUTPUT because the router itself is the endpoint
iptables -A INPUT -p tcp -s 195.165.8.0/26 --dport 2323 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-ACCEPT
iptables -A OUTPUT -p tcp -d 195.165.8.0/26 --sport 2323 -m state --state ESTABLISHED,RELATED -j OUTPUT-ACCEPT
# SSH/SCP to Server (port 4242): forwarded, so only the client side may open the connection
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 4242 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 4242 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# IIS (port 9393)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 9393 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 9393 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# Apache (port 8383)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 8383 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 8383 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# MySQL (port 3306)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 3306 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 3306 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# hMail IMAP (port 143)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 143 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 143 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# hMail SMTP (port 25)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 25 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# DNS (port 53, TCP and UDP)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 53 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp -s 195.165.8.0/26 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp -d 195.165.8.0/26 --sport 53 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# DHCP (ports 67:68): no source filter, since a client has no address yet when it sends DISCOVER
iptables -A INPUT -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-ACCEPT
iptables -A OUTPUT -p udp --sport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j OUTPUT-ACCEPT
iptables -A FORWARD -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp --sport 67:68 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# FTP UNENCRYPTED (control port 21 and active-mode data port 20)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 21 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 20 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 20 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
Scenario 1 – The client can connect to ONLY the following services:
- DHCP
- DNS
- SSH to the router
- IIS web server
- MySQL web server
iptables Rules:
#!/bin/bash
# Flush the filter table and delete the user-defined chains so the script can be re-run
iptables -F
iptables -X
# Set the default policy to DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Create the logging chains
iptables -N INPUT-ACCEPT
iptables -N INPUT-DROP
iptables -N OUTPUT-ACCEPT
iptables -N OUTPUT-DROP
iptables -N FORWARD-ACCEPT
iptables -N FORWARD-DROP
# Rules for INPUT-ACCEPT chain
iptables -A INPUT-ACCEPT -j LOG --log-prefix "INPUT-ACCEPTED"
iptables -A INPUT-ACCEPT -j ACCEPT
# Rules for INPUT-DROP chain
iptables -A INPUT-DROP -j LOG --log-prefix "INPUT-DROPPED"
iptables -A INPUT-DROP -j DROP
# Rules for OUTPUT-ACCEPT chain
iptables -A OUTPUT-ACCEPT -j LOG --log-prefix "OUTPUT-ACCEPTED"
iptables -A OUTPUT-ACCEPT -j ACCEPT
# Rules for OUTPUT-DROP chain
iptables -A OUTPUT-DROP -j LOG --log-prefix "OUTPUT-DROPPED"
iptables -A OUTPUT-DROP -j DROP
# Rules for FORWARD-ACCEPT chain
iptables -A FORWARD-ACCEPT -j LOG --log-prefix "FORWARD-ACCEPTED"
iptables -A FORWARD-ACCEPT -j ACCEPT
# Rules for FORWARD-DROP chain
iptables -A FORWARD-DROP -j LOG --log-prefix "FORWARD-DROPPED"
iptables -A FORWARD-DROP -j DROP
# SSH/SCP to Router (port 2323): allowed
iptables -A INPUT -p tcp -s 195.165.8.0/26 --dport 2323 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-ACCEPT
iptables -A OUTPUT -p tcp -d 195.165.8.0/26 --sport 2323 -m state --state ESTABLISHED,RELATED -j OUTPUT-ACCEPT
# SSH/SCP to Server (port 4242): not allowed in this scenario. Sent to the logging DROP
# chain explicitly so the attempt is recorded rather than silently dropped by the policy
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 4242 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 4242 -m state --state ESTABLISHED,RELATED -j FORWARD-DROP
# IIS (port 9393): allowed
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 9393 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 9393 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# Apache (port 8383): allowed
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 8383 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 8383 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# MySQL (port 3306): allowed
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 3306 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 3306 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# hMail IMAP (port 143): dropped
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 143 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 143 -m state --state ESTABLISHED,RELATED -j FORWARD-DROP
# hMail SMTP (port 25): dropped
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 25 -m state --state ESTABLISHED,RELATED -j FORWARD-DROP
# DNS (port 53, TCP and UDP): allowed
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 53 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp -s 195.165.8.0/26 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp -d 195.165.8.0/26 --sport 53 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# DHCP (ports 67:68): allowed
iptables -A INPUT -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-ACCEPT
iptables -A OUTPUT -p udp --sport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j OUTPUT-ACCEPT
iptables -A FORWARD -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp --sport 67:68 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# Unencrypted FTP (ports 21 and 20): dropped
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 21 -m state --state ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 20 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 20 -m state --state ESTABLISHED,RELATED -j FORWARD-DROP
Scenario 2 – The client can connect to all services except the following:
- SSH to the router
iptables Rules:
#!/bin/bash
# Flush the filter table and delete the user-defined chains so the script can be re-run
iptables -F
iptables -X
# Set the default policy to DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Create the logging chains
iptables -N INPUT-ACCEPT
iptables -N INPUT-DROP
iptables -N OUTPUT-ACCEPT
iptables -N OUTPUT-DROP
iptables -N FORWARD-ACCEPT
iptables -N FORWARD-DROP
# Rules for INPUT-ACCEPT chain
iptables -A INPUT-ACCEPT -j LOG --log-prefix "INPUT-ACCEPTED"
iptables -A INPUT-ACCEPT -j ACCEPT
# Rules for INPUT-DROP chain
iptables -A INPUT-DROP -j LOG --log-prefix "INPUT-DROPPED"
iptables -A INPUT-DROP -j DROP
# Rules for OUTPUT-ACCEPT chain
iptables -A OUTPUT-ACCEPT -j LOG --log-prefix "OUTPUT-ACCEPTED"
iptables -A OUTPUT-ACCEPT -j ACCEPT
# Rules for OUTPUT-DROP chain
iptables -A OUTPUT-DROP -j LOG --log-prefix "OUTPUT-DROPPED"
iptables -A OUTPUT-DROP -j DROP
# Rules for FORWARD-ACCEPT chain
iptables -A FORWARD-ACCEPT -j LOG --log-prefix "FORWARD-ACCEPTED"
iptables -A FORWARD-ACCEPT -j ACCEPT
# Rules for FORWARD-DROP chain
iptables -A FORWARD-DROP -j LOG --log-prefix "FORWARD-DROPPED"
iptables -A FORWARD-DROP -j DROP
# SSH/SCP to Router (port 2323): the only service refused in this scenario, logged via the DROP chains
iptables -A INPUT -p tcp -s 195.165.8.0/26 --dport 2323 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-DROP
iptables -A OUTPUT -p tcp -d 195.165.8.0/26 --sport 2323 -m state --state ESTABLISHED,RELATED -j OUTPUT-DROP
# SSH/SCP to Server (port 4242)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 4242 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 4242 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# IIS (port 9393)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 9393 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 9393 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# Apache (port 8383)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 8383 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 8383 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# MySQL (port 3306)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 3306 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 3306 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# hMail IMAP (port 143)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 143 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 143 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# hMail SMTP (port 25)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 25 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# DNS (port 53, TCP and UDP)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 53 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp -s 195.165.8.0/26 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp -d 195.165.8.0/26 --sport 53 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# DHCP (ports 67:68)
iptables -A INPUT -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-ACCEPT
iptables -A OUTPUT -p udp --sport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j OUTPUT-ACCEPT
iptables -A FORWARD -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp --sport 67:68 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# Unencrypted FTP (ports 21 and 20)
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 21 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 20 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 20 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
Scenario 3 – The client can connect to ONLY the following services:
- SCP
- Unencrypted FTP
- DHCP
- DNS
iptables Rules:
#!/bin/bash
# Flush the filter table and delete the user-defined chains so the script can be re-run
iptables -F
iptables -X
# Set the default policy to DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Create the logging chains
iptables -N INPUT-ACCEPT
iptables -N INPUT-DROP
iptables -N OUTPUT-ACCEPT
iptables -N OUTPUT-DROP
iptables -N FORWARD-ACCEPT
iptables -N FORWARD-DROP
# Rules for INPUT-ACCEPT chain
iptables -A INPUT-ACCEPT -j LOG --log-prefix "INPUT-ACCEPTED"
iptables -A INPUT-ACCEPT -j ACCEPT
# Rules for INPUT-DROP chain
iptables -A INPUT-DROP -j LOG --log-prefix "INPUT-DROPPED"
iptables -A INPUT-DROP -j DROP
# Rules for OUTPUT-ACCEPT chain
iptables -A OUTPUT-ACCEPT -j LOG --log-prefix "OUTPUT-ACCEPTED"
iptables -A OUTPUT-ACCEPT -j ACCEPT
# Rules for OUTPUT-DROP chain
iptables -A OUTPUT-DROP -j LOG --log-prefix "OUTPUT-DROPPED"
iptables -A OUTPUT-DROP -j DROP
# Rules for FORWARD-ACCEPT chain
iptables -A FORWARD-ACCEPT -j LOG --log-prefix "FORWARD-ACCEPTED"
iptables -A FORWARD-ACCEPT -j ACCEPT
# Rules for FORWARD-DROP chain
iptables -A FORWARD-DROP -j LOG --log-prefix "FORWARD-DROPPED"
iptables -A FORWARD-DROP -j DROP
# SSH/SCP to Router (port 2323): dropped; only SCP to the server is allowed in this scenario
iptables -A INPUT -p tcp -s 195.165.8.0/26 --dport 2323 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-DROP
iptables -A OUTPUT -p tcp -d 195.165.8.0/26 --sport 2323 -m state --state ESTABLISHED,RELATED -j OUTPUT-DROP
# SSH/SCP to Server (port 4242): allowed
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 4242 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 4242 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# IIS (port 9393): dropped
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 9393 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 9393 -m state --state ESTABLISHED,RELATED -j FORWARD-DROP
# Apache (port 8383): dropped
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 8383 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 8383 -m state --state ESTABLISHED,RELATED -j FORWARD-DROP
# MySQL (port 3306): dropped
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 3306 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 3306 -m state --state ESTABLISHED,RELATED -j FORWARD-DROP
# hMail IMAP (port 143): dropped
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 143 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 143 -m state --state ESTABLISHED,RELATED -j FORWARD-DROP
# hMail SMTP (port 25): dropped
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-DROP
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 25 -m state --state ESTABLISHED,RELATED -j FORWARD-DROP
# DNS (port 53, TCP and UDP): allowed
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 53 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp -s 195.165.8.0/26 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp -d 195.165.8.0/26 --sport 53 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# DHCP (ports 67:68): allowed
iptables -A INPUT -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-ACCEPT
iptables -A OUTPUT -p udp --sport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j OUTPUT-ACCEPT
iptables -A FORWARD -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp --sport 67:68 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
# Unencrypted FTP (ports 21 and 20): allowed
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 21 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -s 195.165.8.0/26 --dport 20 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p tcp -d 195.165.8.0/26 --sport 20 -m state --state ESTABLISHED,RELATED -j FORWARD-ACCEPT
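The four scenario scripts share every line except the logging chain each service is sent to. As an added example (not code from the checkpoint write-up), the script below generates the FORWARD section from an allow-list over the same service table, so a scenario becomes one line of policy instead of a hand-edited copy; the service names in the table and the function names are my own.

```shell
#!/bin/bash
# Added example, not part of the checkpoint write-up: derive the FORWARD section of a
# scenario script from an allow-list. Every service in the table is sent to
# FORWARD-ACCEPT if it is named on the command line and to FORWARD-DROP otherwise,
# which is the default-deny shape of Scenarios 1 to 3.

CLIENT_NET=195.165.8.0/26   # client subnet used by all four scenario scripts

# Service table (name:proto:port) covering the same services and ports as the scripts.
# The names are labels chosen here, not identifiers from the assignment.
SERVICES="ssh-server:tcp:4242 iis:tcp:9393 apache:tcp:8383 mysql:tcp:3306
imap:tcp:143 smtp:tcp:25 dns:tcp:53 dns:udp:53 ftp:tcp:21 ftp:tcp:20"

# fwd_rules PROTO PORT VERDICT : print the rule pair for one forwarded service.
# The client side may open the connection (NEW); the server side only answers.
fwd_rules() {
    printf 'iptables -A FORWARD -p %s -s %s --dport %s -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-%s\n' \
        "$1" "$CLIENT_NET" "$2" "$3"
    printf 'iptables -A FORWARD -p %s -d %s --sport %s -m state --state ESTABLISHED,RELATED -j FORWARD-%s\n' \
        "$1" "$CLIENT_NET" "$2" "$3"
}

# scenario_rules NAME... : print the FORWARD rules, accepting only the named services
scenario_rules() {
    for entry in $SERVICES; do
        name=${entry%%:*}
        rest=${entry#*:}
        proto=${rest%%:*}
        port=${rest#*:}
        verdict=DROP                      # default deny: unnamed services are logged and dropped
        for allowed in "$@"; do
            [ "$allowed" = "$name" ] && verdict=ACCEPT
        done
        echo "# $name ($proto/$port)"
        fwd_rules "$proto" "$port" "$verdict"
    done
}

# Scenario 1: DNS, IIS and the Apache/MySQL web server are allowed; the rest is dropped
scenario_rules dns iis apache mysql
```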
Log Script – The script should be able to search for specific logged iptables traffic
Log Script:
#!/bin/bash
# Prompt for the search window, the port or IP to look for, and the verdict
read -r -p "Start time (April 10 12:00): " starttime
read -r -p "End time (April 10 12:00): " endtime
read -r -p "PORT OR IP: " portnumber
read -r -p "ACCEPTED OR DROPPED: " status
# Convert both times to the syslog timestamp spelling ("Apr 10 12:00") so that a plain
# string comparison against the start of each log line selects the window. This only
# works when start and end fall in the same month, because month names do not sort
# chronologically.
d1=$(date --date="$starttime" "+%b %_d %H:%M")
d2=$(date --date="$endtime" "+%b %_d %H:%M")
# Lines strictly inside the window, plus every line within the end minute ($0 ~ d2);
# then keep only the requested verdict and only lines where the value appears in an
# address or port field (a bare grep for "9393" would also match ID=9393 or a MAC fragment)
awk -v d1="$d1" -v d2="$d2" '($0 > d1 && $0 < d2) || $0 ~ d2' /var/log/messages \
    | grep "$status" \
    | grep -E "(SRC|DST|SPT|DPT)=$portnumber( |$)"
Sample Script Output:
root@router:~/CheckPoint04# ./log
Start time (April 10 12:00): April 20 11:13
End time (April 10 12:00): April 20 11:15
PORT-IP: 9393
ACCEPTED-DROPPED: ACCEPTED
Apr 20 11:15:09 router kernel: [11077.214894] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=52 TOS=0x02 PREC=0x00 TTL=127 ID=25616 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Apr 20 11:15:09 router kernel: [11077.215018] FORWARD-ACCEPTEDIN=eth3 OUT=eth1 MAC=00:0c:29:74:fc:79:00:0c:29:41:bf:bd:08:00 SRC=195.165.8.70 DST=195.165.8.2 LEN=52 TOS=0x02 PREC=0x00 TTL=127 ID=14839 DF PROTO=TCP SPT=9393 DPT=49330 WINDOW=8192 RES=0x00 ECE ACK SYN URGP=0
Apr 20 11:15:09 router kernel: [11077.215369] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=25618 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2053 RES=0x00 ACK URGP=0
Apr 20 11:15:09 router kernel: [11077.218468] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=555 TOS=0x02 PREC=0x00 TTL=127 ID=25619 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2053 RES=0x00 ACK PSH URGP=0
Apr 20 11:15:09 router kernel: [11077.219129] FORWARD-ACCEPTEDIN=eth3 OUT=eth1 MAC=00:0c:29:74:fc:79:00:0c:29:41:bf:bd:08:00 SRC=195.165.8.70 DST=195.165.8.2 LEN=182 TOS=0x02 PREC=0x00 TTL=127 ID=14840 DF PROTO=TCP SPT=9393 DPT=49330 WINDOW=2053 RES=0x00 ACK PSH URGP=0
Apr 20 11:15:09 router kernel: [11077.235019] FORWARD-ACCEPTEDIN=eth3 OUT=eth1 MAC=00:0c:29:74:fc:79:00:0c:29:41:bf:bd:08:00 SRC=195.165.8.70 DST=195.165.8.2 LEN=182 TOS=0x00 PREC=0x00 TTL=127 ID=14841 DF PROTO=TCP SPT=9393 DPT=49330 WINDOW=2053 RES=0x00 ACK PSH URGP=0
Apr 20 11:15:09 router kernel: [11077.235084] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=25620 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2052 RES=0x00 ACK URGP=0
Apr 20 11:15:09 router kernel: [11077.235603] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=25621 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2052 RES=0x00 ACK URGP=0
Apr 20 11:15:15 router kernel: [11082.973520] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=25633 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2052 RES=0x00 ACK FIN URGP=0
Apr 20 11:15:15 router kernel: [11082.973877] FORWARD-ACCEPTEDIN=eth3 OUT=eth1 MAC=00:0c:29:74:fc:79:00:0c:29:41:bf:bd:08:00 SRC=195.165.8.70 DST=195.165.8.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=14842 DF PROTO=TCP SPT=9393 DPT=49330 WINDOW=2053 RES=0x00 ACK FIN URGP=0
Apr 20 11:15:15 router kernel: [11082.974565] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=25634 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2052 RES=0x00 ACK URGP=0
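As an added example that is not part of the write-up, the search below does what the log script does but matches only the named header field (SRC, DST, SPT or DPT) of each iptables LOG line, and runs over a constructed sample log instead of /var/log/messages. The function name search_fwlog, its argument order and the sample entries are my own; the log line format is the one shown in the sample output above.

```shell
#!/bin/bash
# Added example, not part of the checkpoint write-up: a field-aware search over the
# LOG lines that the *-ACCEPT and *-DROP chains write to syslog. A plain grep for "9393"
# also hits a packet whose IP ID or source port happens to be 9393; this matches only
# the one KEY=VALUE token asked for.

# search_fwlog LOGFILE START END VERDICT KEY VALUE
#   START/END : "Mon DD HH:MM" in syslog spelling (what `date "+%b %_d %H:%M"` prints).
#               The window is inclusive to the minute and, as in the original script,
#               relies on string comparison, so both must lie in the same month.
#   VERDICT   : ACCEPTED or DROPPED (suffix of the chain log prefixes)
#   KEY       : SRC, DST, SPT or DPT
search_fwlog() {
    awk -v d1="$2" -v d2="$3" -v verdict="$4" -v key="$5" -v val="$6" '
    {
        stamp = substr($0, 1, length(d1))   # "Apr 20 11:15" from "Apr 20 11:15:09 router ..."
        if (stamp < d1 || stamp > d2) next  # outside the requested window
        if (index($0, verdict) == 0) next   # wrong verdict; the prefix is fused to IN=, so use index()
        for (i = 1; i <= NF; i++)           # exact match on a single KEY=VALUE token
            if ($i == key "=" val) { print; break }
    }' "$1"
}

# Constructed sample log (not a real capture), in the format the router writes.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Apr 20 11:12:58 router kernel: [11000.1] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 SRC=195.165.8.2 DST=195.165.8.70 LEN=52 ID=25600 PROTO=TCP SPT=49329 DPT=9393 SYN URGP=0
Apr 20 11:15:09 router kernel: [11077.2] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 SRC=195.165.8.2 DST=195.165.8.70 LEN=52 ID=25616 PROTO=TCP SPT=49330 DPT=9393 SYN URGP=0
Apr 20 11:15:09 router kernel: [11077.3] FORWARD-ACCEPTEDIN=eth3 OUT=eth1 SRC=195.165.8.70 DST=195.165.8.2 LEN=52 ID=14839 PROTO=TCP SPT=9393 DPT=49330 ACK SYN URGP=0
Apr 20 11:15:30 router kernel: [11098.4] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 SRC=195.165.8.2 DST=195.165.8.70 LEN=40 ID=9393 PROTO=TCP SPT=49331 DPT=8383 ACK URGP=0
Apr 20 11:15:41 router kernel: [11109.5] FORWARD-DROPPEDIN=eth1 OUT=eth3 SRC=195.165.8.2 DST=195.165.8.70 LEN=52 ID=25640 PROTO=TCP SPT=49332 DPT=9393 SYN URGP=0
Apr 20 11:16:02 router kernel: [11130.6] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 SRC=195.165.8.2 DST=195.165.8.70 LEN=52 ID=25641 PROTO=TCP SPT=49333 DPT=9393 SYN URGP=0
EOF

# Accepted traffic to the IIS port between 11:13 and 11:15: exactly one line. The 11:12
# and 11:16 entries are outside the window, and ID=9393 / SPT=9393 are not DPT matches.
search_fwlog "$SAMPLE_LOG" "Apr 20 11:13" "Apr 20 11:15" ACCEPTED DPT 9393
```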