How can I enable or setup log message in the iptables firewall?

Linux firewall, iptables has the capability to log network activity to the syslog system. This is very useful to detect problems as well as to generate reports of network activity. You can also use this to detect all intrusion detection or unwanted incoming/outgoing connections etc.


LOG module
To enable logging option you need to use LOG iptables/kernel module. It turn on kernel logging of matching packets. When this option is set for a rule, the Linux kernel will print some information on all matching packets (like most IP header fields) via the kernel log.

For example, drop all connection coming from hacker/cracker IP address and log them to syslog:

iptables -A INPUT -s -m limit –limit 5/m –limit-burst 7 -j LOG –log-prefix ‘** FW-DROP-HACKER **’

iptables -A INPUT -s -j DROP

Firewall rules are checked in a sequential manner So first you logged message with first rule and second rule drops the connection.


  • -m limit –limit 5/m: This will prevent excessive log data to /var/log/message file from being granted. The limit specified is 5/minute (it is maximum average matching rate). And a burst rate of 7 is specified (it is maximum initial number of packets to match).
  • –log-prefix ‘** FW-DROP-HACKER **’: This is nothing but log prefix to dropped rule. Useful to search using grep command:

# grep ‘** FW-DROP-HACKER **’ /var/log/message

LOG module supports other options, read man page of iptables for more information.

🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

1 comment… add one
  • David Feb 4, 2010 @ 18:17

    Great information!

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.