From eb0d1b98bb574f0f7b569ece3dd107de77b228d9 Mon Sep 17 00:00:00 2001
From: fdupoux
Date: Sun, 12 Jan 2020 12:35:58 +0000
Subject: [PATCH] Update iptables config to log dropped packets

---
 airootfs/etc/iptables/ip6tables.rules | 4 ++++
 airootfs/etc/iptables/iptables.rules | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/airootfs/etc/iptables/ip6tables.rules b/airootfs/etc/iptables/ip6tables.rules
index eb365b7..4fa3ee5 100644
--- a/airootfs/etc/iptables/ip6tables.rules
+++ b/airootfs/etc/iptables/ip6tables.rules
@@ -2,7 +2,11 @@
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
 :OUTPUT ACCEPT [0:0]
+-N LOGDROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m conntrack --ctstate NEW -j ACCEPT
+-A INPUT -j LOGDROP
+-A LOGDROP -m limit --limit 10/sec -j LOG --log-prefix "iptables-dropped: "
+-A LOGDROP -j DROP
 COMMIT
diff --git a/airootfs/etc/iptables/iptables.rules b/airootfs/etc/iptables/iptables.rules
index d26940e..f672bcb 100644
--- a/airootfs/etc/iptables/iptables.rules
+++ b/airootfs/etc/iptables/iptables.rules
@@ -2,7 +2,11 @@
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
 :OUTPUT ACCEPT [0:0]
+-N LOGDROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
+-A INPUT -j LOGDROP
+-A LOGDROP -m limit --limit 10/sec -j LOG --log-prefix "iptables-dropped: "
+-A LOGDROP -j DROP
 COMMIT
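Review bot: Only INPUT is routed through the new LOGDROP chain; the FORWARD chain keeps its DROP policy, so forwarded packets are still discarded without any log entry, in both the ip6tables.rules and iptables.rules hunks. If the intent is visibility into every drop, add `-A FORWARD -j LOGDROP` next to the `-A INPUT -j LOGDROP` line in each file. The rate limiter on the LOG rule has no `--limit-burst`, so the default burst applies and anything above 10/sec falls through to the `-j DROP` rule unlogged; that is a reasonable flood guard, but the rules file would benefit from a comment making it explicit, e.g. `# Drops above 10/sec (default burst) are discarded without a log entry`. The LOG target also uses its default log level here, so if the install expects these lines at a particular syslog priority an explicit `--log-level` would make that contract visible in the file.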