firewall:logging

Configure the firewall logging settings.

juggernaut --task=firewall:logging
Options (value, default, description):

--SYSLOG <1|0>
    Default: 0
    Log the login failure daemon messages to SYSLOG. You must have the perl module Sys::Syslog installed to use this option.

--DROP <DROP|REJECT>
    Default: DROP
    The drop target for incoming iptables rules. REJECT sends back an error packet, while DROP does not respond at all. REJECT gives an attacker extra information by confirming that a firewall is blocking their attempts, whereas DROP leaves their connection hanging.

--DROP_OUT <DROP|REJECT>
    Default: REJECT
    This can be set to either DROP or REJECT, as with DROP; however, since these connections originate from this server, it is better to REJECT connections to closed ports than to DROP them. This immediately frees up server resources rather than tying them up until the connection times out, and it tells the process making the connection that it has failed straight away.

--DROP_LOGGING <1|0>
    Default: 1
    Enable logging of dropped connections to blocked ports to syslog. This option is required to use port scan tracking.

--DROP_IP_LOGGING <1|0>
    Default: 0
    Enable logging of dropped incoming connections from blocked IP addresses. This option is disabled if you enable port scan tracking.

--DROP_OUT_LOGGING <1|0>
    Default: 1
    Enable logging of dropped outgoing connections. Where available, these logs also include the UID of the process connecting out, which can help track abuse. Note: only outgoing SYN packets are logged for TCP connections; for other protocols all packets are logged. We recommend that you enable this option.

--DROP_UID_LOGGING <1|0>
    Default: 1
    Together with DROP_OUT_LOGGING enabled, this option logs the UID connecting out (where available), which can help track abuse.

--DROP_ONLYRES <1|0>
    Default: 0
    Only log dropped connections to reserved ports (0 through 1023).

--DROP_NOLOG <digit1,digit2>
    Default: 23,67,68,111,113,135:139,445,500,513,520
    Do not log these blocked ports.

--DROP_NOLOG_add <digit>
    Add a single entry to DROP_NOLOG.

--DROP_NOLOG_del <digit>
    Remove a single entry from DROP_NOLOG.

--DROP_PF_LOGGING <1|0>
    Default: 0
    Log packets dropped by the packet filtering option PACKET_FILTER.

--CONNLIMIT_LOGGING <1|0>
    Default: 0
    Log packets dropped by the Connection Limit Protection option CONNLIMIT. If this is enabled and Port Scan Tracking (PS_INTERVAL) is also enabled, IP addresses breaking the Connection Limit Protection will be blocked.

--UDPFLOOD_LOGGING <1|0>
    Default: 1
    Enable logging of UDP floods. This should be enabled, especially with User ID tracking enabled.

--default <yes>
    Reset all settings to their default values.

--default_option <option>
    Reset a specific setting to its default value.

--restart <yes>
    Restart the service after saving settings.
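As an added example (not part of the juggernaut documentation or tool), the script below shows what the logging options above produce in practice: it parses kernel log lines in the standard netfilter LOG key=value format, counts incoming drops per port while honouring DROP_NOLOG (including low:high ranges) and DROP_ONLYRES, and groups outgoing drops by the UID field that DROP_OUT_LOGGING and DROP_UID_LOGGING add. The "Firewall:" log prefix, the sample lines and applying DROP_NOLOG to incoming drops only are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample kernel log lines in the standard netfilter LOG key=value
# format. The "Firewall: *..._Blocked*" prefix is an assumed log prefix; the
# UID=/GID= fields are what the kernel appends for outgoing packets when
# UID logging is enabled.
SAMPLE_LOG = """\
Jan 10 12:00:01 web1 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=25 SYN UID=1001 GID=1001
Jan 10 12:00:02 web1 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.8 PROTO=TCP SPT=51235 DPT=25 SYN UID=1001 GID=1001
Jan 10 12:00:03 web1 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.10 PROTO=UDP SPT=4444 DPT=137
Jan 10 12:00:04 web1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.56 DST=203.0.113.10 PROTO=TCP SPT=40000 DPT=22 SYN
Jan 10 12:00:05 web1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.57 DST=203.0.113.10 PROTO=TCP SPT=40001 DPT=8080 SYN
"""

# The DROP_NOLOG default value from the option table above.
DROP_NOLOG_DEFAULT = "23,67,68,111,113,135:139,445,500,513,520"

def parse_nolog(spec):
    """Expand a DROP_NOLOG value (single ports and low:high ranges) into a set."""
    ports = set()
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the key=value fields of one netfilter LOG line, or None if not one."""
    if "kernel:" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    # A non-empty OUT= interface means the packet was leaving this server.
    fields["direction"] = "out" if fields.get("OUT") else "in"
    return fields

def summarize(log_text, nolog=DROP_NOLOG_DEFAULT, only_reserved=False):
    """Count incoming drops per destination port (applying DROP_NOLOG and
    DROP_ONLYRES as the options describe) and outgoing drops per UID."""
    skip = parse_nolog(nolog)
    inbound, outbound_by_uid = Counter(), Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or "DPT" not in f:
            continue
        dpt = int(f["DPT"])
        if f["direction"] == "in":
            if dpt in skip or (only_reserved and dpt > 1023):
                continue  # this drop would not have been logged
            inbound[dpt] += 1
        else:
            outbound_by_uid[f.get("UID", "unknown")] += 1
    return inbound, outbound_by_uid
```

A UID that repeatedly appears in the outgoing counter (here UID 1001 trying port 25) is the kind of lead the documentation means by "track abuse".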

Examples

// enable SYSLOG
juggernaut --task=firewall:logging --SYSLOG=1 --restart=yes

// reset SYSLOG back to default
juggernaut --task=firewall:logging --default_option=SYSLOG --restart=yes

// reset all settings back to default
juggernaut --task=firewall:logging --default=yes --restart=yes