PSAD and UFW

R7AF
R7AF used Ask the Experts™
on
I would like to install PSAD on a debian server to detect port scans. I found the following guide:
http://www.cyberciti.biz/faq/linux-detect-port-scan-attacks/

At the end of the installation tutorial there is an update for iptables. I use UFW, and I don't know if I can update iptables, or if I should use a special rule or configuration for UFW.

It has the following rules for iptables

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG 

Open in new window

How can I configure UFW to do this?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
unfortunatelly ufw has a bunch of configuration files and no documentation which explains them proper :-(

a quick&dirty hack would be to add following lines at top of  /etc/ufw/before.rules

-A INPUT -j LOG
-A FORWARD -j LOG
Top Expert 2007

Author

Commented:
Sorry, I closed that question a bit too early. It seems that if I add those lines at the top, the server gets really slow. If I add them at the end, before the "COMMIT" line, speed is OK, but I don't know if it works like that.
> .. if I add those lines at the top, the server gets really slow ...
why would you log all requests?

> If I add them at the end, before the "COMMIT" line, speed is OK, but I don't know if it works like that.
then all matching rules before will not logged except the matching rule logs itself.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial