[LXD] Network ACL logging

Apologies for the tone, thanks for the explanation. Will keep your explanation in mind when eventually implementing it :slight_smile:

This looks good to me, thanks!

@tomp @sdeziel example output:

2022-01-27T00:01:51Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=34749, dst_port=22, action=reject
2022-01-27T00:05:29Z|proto=tcp, src=89.248.163.173, dst=45.45.148.3, src_port=41927, dst_port=22, action=reject
2022-01-27T00:20:06Z|proto=tcp, src=104.244.74.253, dst=45.45.148.3, src_port=39264, dst_port=22, action=reject
2022-01-27T00:21:52Z|proto=tcp, src=68.185.134.97, dst=45.45.148.3, src_port=53806, dst_port=22, action=reject
2022-01-27T00:23:29Z|proto=tcp, src=45.141.84.10, dst=45.45.148.3, src_port=13393, dst_port=22, action=reject
2022-01-27T00:23:29Z|proto=tcp, src=45.141.84.10, dst=45.45.148.3, src_port=13393, dst_port=22, action=reject
2022-01-27T00:33:26Z|proto=tcp, src=222.186.180.130, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T00:40:08Z|proto=tcp, src=46.101.25.187, dst=45.45.148.3, src_port=50203, dst_port=22, action=reject
2022-01-27T00:55:34Z|proto=tcp, src=222.186.42.7, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T01:04:56Z|proto=tcp, src=65.49.20.89, dst=45.45.148.3, src_port=39920, dst_port=22, action=reject
2022-01-27T01:10:23Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=38526, dst_port=22, action=reject
2022-01-27T01:31:53Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=34183, dst_port=22, action=reject
2022-01-27T01:32:23Z|proto=tcp, src=107.189.12.34, dst=45.45.148.3, src_port=51762, dst_port=22, action=reject
2022-01-27T01:43:14Z|proto=tcp, src=207.244.233.167, dst=45.45.148.3, src_port=43343, dst_port=22, action=reject
2022-01-27T02:15:06Z|proto=tcp, src=141.98.10.47, dst=45.45.148.3, src_port=43952, dst_port=22, action=reject
2022-01-27T02:29:12Z|proto=tcp, src=222.187.232.10, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T02:31:42Z|proto=tcp, src=164.90.227.119, dst=45.45.148.3, src_port=37352, dst_port=22, action=reject
2022-01-27T02:34:35Z|proto=tcp, src=172.105.96.215, dst=45.45.148.3, src_port=41173, dst_port=22, action=reject
2022-01-27T02:36:53Z|proto=tcp, src=141.98.10.60, dst=45.45.148.3, src_port=48505, dst_port=22, action=reject
2022-01-27T02:45:37Z|proto=tcp, src=107.189.31.191, dst=45.45.148.3, src_port=22698, dst_port=22, action=reject
2022-01-27T03:11:40Z|proto=tcp, src=141.98.11.27, dst=45.45.148.3, src_port=52628, dst_port=22, action=reject
2022-01-27T03:39:29Z|proto=tcp, src=185.246.130.20, dst=45.45.148.3, src_port=20868, dst_port=22, action=reject
2022-01-27T03:39:29Z|proto=tcp, src=185.246.130.20, dst=45.45.148.3, src_port=20868, dst_port=22, action=reject
2022-01-27T03:40:24Z|proto=tcp, src=209.141.32.88, dst=45.45.148.3, src_port=41020, dst_port=22, action=reject
2022-01-27T03:53:29Z|proto=tcp, src=209.141.54.15, dst=45.45.148.3, src_port=2845, dst_port=22, action=reject
2022-01-27T04:02:36Z|proto=tcp, src=61.177.172.107, dst=45.45.148.3, src_port=45478, dst_port=22, action=reject
2022-01-27T04:17:29Z|proto=tcp, src=207.154.211.216, dst=45.45.148.3, src_port=49866, dst_port=22, action=reject
2022-01-27T04:32:56Z|proto=tcp, src=222.186.30.76, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T04:36:06Z|proto=tcp, src=107.189.31.191, dst=45.45.148.3, src_port=3977, dst_port=22, action=reject
2022-01-27T04:38:25Z|proto=tcp, src=142.93.234.111, dst=45.45.148.3, src_port=51860, dst_port=22, action=reject
2022-01-27T05:02:50Z|proto=tcp, src=218.93.208.150, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T05:16:17Z|proto=tcp, src=141.98.11.16, dst=45.45.148.3, src_port=49110, dst_port=22, action=reject
2022-01-27T05:17:50Z|proto=tcp, src=212.192.241.124, dst=45.45.148.3, src_port=44395, dst_port=22, action=reject
2022-01-27T05:17:57Z|proto=tcp, src=222.186.31.166, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T05:27:19Z|proto=tcp, src=46.19.139.18, dst=45.45.148.3, src_port=35170, dst_port=22, action=reject
2022-01-27T05:58:47Z|proto=tcp, src=46.101.2.225, dst=45.45.148.3, src_port=61000, dst_port=22, action=reject
2022-01-27T05:59:55Z|proto=tcp, src=35.192.98.140, dst=45.45.148.3, src_port=9056, dst_port=22, action=reject
2022-01-27T06:11:53Z|proto=tcp, src=46.19.139.18, dst=45.45.148.3, src_port=47560, dst_port=22, action=reject
2022-01-27T06:19:32Z|proto=tcp, src=141.98.11.23, dst=45.45.148.3, src_port=39524, dst_port=22, action=reject
2022-01-27T06:20:29Z|proto=tcp, src=36.110.228.254, dst=45.45.148.3, src_port=34894, dst_port=22, action=reject
2022-01-27T06:22:13Z|proto=tcp, src=141.98.10.47, dst=45.45.148.3, src_port=33680, dst_port=22, action=reject
2022-01-27T06:40:33Z|proto=tcp, src=141.98.10.202, dst=45.45.148.3, src_port=57474, dst_port=22, action=reject
2022-01-27T06:45:12Z|proto=tcp, src=209.141.32.88, dst=45.45.148.3, src_port=35300, dst_port=22, action=reject
2022-01-27T06:52:04Z|proto=tcp, src=141.98.11.16, dst=45.45.148.3, src_port=34345, dst_port=22, action=reject
2022-01-27T07:01:01Z|proto=tcp, src=209.141.32.88, dst=45.45.148.3, src_port=39865, dst_port=22, action=reject
2022-01-27T07:05:22Z|proto=tcp, src=64.227.163.63, dst=45.45.148.3, src_port=57767, dst_port=22, action=reject
2022-01-27T07:07:31Z|proto=tcp, src=45.61.187.34, dst=45.45.148.3, src_port=2770, dst_port=22, action=reject
2022-01-27T07:10:29Z|proto=tcp, src=64.227.163.63, dst=45.45.148.3, src_port=56749, dst_port=22, action=reject
2022-01-27T07:21:49Z|proto=tcp, src=211.36.134.213, dst=45.45.148.3, src_port=37344, dst_port=22, action=reject
2022-01-27T07:32:34Z|proto=tcp, src=141.98.11.22, dst=45.45.148.3, src_port=36486, dst_port=22, action=reject
2022-01-27T07:36:25Z|proto=tcp, src=141.98.10.206, dst=45.45.148.3, src_port=36017, dst_port=22, action=reject
2022-01-27T07:36:48Z|proto=tcp, src=45.88.137.100, dst=45.45.148.3, src_port=11088, dst_port=22, action=reject
2022-01-27T07:37:43Z|proto=tcp6, src=2001:470:1:c84::e3, dst=2602:fc62:a:1::3, src_port=60003, dst_port=22, action=reject
2022-01-27T07:42:56Z|proto=tcp, src=121.40.150.147, dst=45.45.148.3, src_port=48409, dst_port=22, action=reject
2022-01-27T07:44:28Z|proto=tcp, src=117.119.79.107, dst=45.45.148.3, src_port=18442, dst_port=22, action=reject
2022-01-27T07:48:42Z|proto=tcp, src=205.185.120.164, dst=45.45.148.3, src_port=32380, dst_port=22, action=reject
2022-01-27T07:50:08Z|proto=tcp, src=89.248.163.173, dst=45.45.148.3, src_port=49776, dst_port=22, action=reject
2022-01-27T07:50:50Z|proto=tcp, src=221.131.165.65, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T08:20:51Z|proto=tcp, src=92.63.197.94, dst=45.45.148.3, src_port=50641, dst_port=22, action=reject
2022-01-27T08:39:28Z|proto=tcp, src=222.186.42.7, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T08:55:54Z|proto=tcp, src=222.186.180.130, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T09:04:13Z|proto=tcp, src=39.153.143.55, dst=45.45.148.3, src_port=6849, dst_port=22, action=reject
2022-01-27T09:09:23Z|proto=tcp, src=45.129.56.151, dst=45.45.148.3, src_port=61000, dst_port=22, action=reject
2022-01-27T09:11:24Z|proto=tcp, src=141.98.10.47, dst=45.45.148.3, src_port=54355, dst_port=22, action=reject
2022-01-27T09:15:15Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=58961, dst_port=22, action=reject
2022-01-27T09:36:13Z|proto=tcp, src=141.98.11.23, dst=45.45.148.3, src_port=43202, dst_port=22, action=reject
2022-01-27T09:40:48Z|proto=tcp, src=45.88.137.253, dst=45.45.148.3, src_port=41478, dst_port=22, action=reject
2022-01-27T09:51:27Z|proto=tcp, src=107.189.29.142, dst=45.45.148.3, src_port=7856, dst_port=22, action=reject
2022-01-27T10:05:15Z|proto=tcp, src=192.241.213.80, dst=45.45.148.3, src_port=51805, dst_port=22, action=reject
2022-01-27T10:26:29Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=38865, dst_port=22, action=reject
2022-01-27T10:31:39Z|proto=tcp, src=222.187.232.10, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T10:57:20Z|proto=tcp, src=164.90.156.240, dst=45.45.148.3, src_port=40954, dst_port=22, action=reject
2022-01-27T10:58:48Z|proto=tcp, src=198.23.149.111, dst=45.45.148.3, src_port=41204, dst_port=22, action=reject
2022-01-27T11:05:02Z|proto=tcp, src=167.248.133.21, dst=45.45.148.3, src_port=33895, dst_port=22, action=reject
2022-01-27T11:13:54Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=36319, dst_port=22, action=reject
2022-01-27T11:30:34Z|proto=tcp, src=167.172.189.205, dst=45.45.148.3, src_port=16500, dst_port=22, action=reject
2022-01-27T11:40:35Z|proto=tcp, src=89.248.173.131, dst=45.45.148.3, src_port=43503, dst_port=22, action=reject
2022-01-27T11:43:57Z|proto=tcp, src=46.101.178.37, dst=45.45.148.3, src_port=1966, dst_port=22, action=reject
2022-01-27T11:46:15Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=44375, dst_port=22, action=reject
2022-01-27T12:02:30Z|proto=tcp, src=89.248.163.173, dst=45.45.148.3, src_port=44926, dst_port=22, action=reject
2022-01-27T12:03:12Z|proto=tcp, src=141.98.10.47, dst=45.45.148.3, src_port=38931, dst_port=22, action=reject
2022-01-27T12:40:45Z|proto=tcp, src=222.186.30.76, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T12:43:01Z|proto=tcp, src=217.93.243.47, dst=45.45.148.3, src_port=59870, dst_port=22, action=reject
2022-01-27T12:46:55Z|proto=tcp, src=218.93.208.150, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T13:38:55Z|proto=tcp, src=222.186.31.166, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T14:08:35Z|proto=tcp, src=141.98.10.60, dst=45.45.148.3, src_port=49879, dst_port=22, action=reject
2022-01-27T14:23:32Z|proto=tcp, src=45.94.0.53, dst=45.45.148.3, src_port=49696, dst_port=22, action=reject
2022-01-27T14:25:46Z|proto=tcp, src=193.3.19.178, dst=45.45.148.3, src_port=61000, dst_port=22, action=reject
2022-01-27T14:46:33Z|proto=tcp, src=141.98.10.82, dst=45.45.148.3, src_port=49909, dst_port=22, action=reject
2022-01-27T15:24:24Z|proto=tcp, src=141.98.11.16, dst=45.45.148.3, src_port=33193, dst_port=22, action=reject
2022-01-27T15:40:16Z|proto=tcp, src=192.241.211.201, dst=45.45.148.3, src_port=41783, dst_port=22, action=reject
2022-01-27T15:45:46Z|proto=tcp, src=221.131.165.65, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T16:06:02Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=37131, dst_port=22, action=reject
2022-01-27T16:10:09Z|proto=tcp, src=138.199.32.100, dst=45.45.148.3, src_port=55464, dst_port=22, action=reject
2022-01-27T16:17:08Z|proto=tcp, src=212.192.241.124, dst=45.45.148.3, src_port=60419, dst_port=22, action=reject
2022-01-27T16:22:48Z|proto=tcp, src=222.186.42.7, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T16:29:22Z|proto=tcp, src=141.98.11.16, dst=45.45.148.3, src_port=57879, dst_port=22, action=reject
2022-01-27T16:36:47Z|proto=tcp, src=141.98.11.16, dst=45.45.148.3, src_port=49515, dst_port=22, action=reject
2022-01-27T16:47:36Z|proto=tcp, src=46.19.139.18, dst=45.45.148.3, src_port=59288, dst_port=22, action=reject
2022-01-27T17:10:05Z|proto=tcp, src=219.146.152.154, dst=45.45.148.3, src_port=46527, dst_port=22, action=reject
2022-01-27T17:14:53Z|proto=tcp, src=178.73.215.171, dst=45.45.148.3, src_port=40117, dst_port=22, action=reject
2022-01-27T17:16:22Z|proto=tcp, src=46.19.139.18, dst=45.45.148.3, src_port=48886, dst_port=22, action=reject
2022-01-27T17:20:03Z|proto=tcp, src=222.186.180.130, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T17:35:52Z|proto=tcp, src=89.248.173.131, dst=45.45.148.3, src_port=44887, dst_port=22, action=reject
2022-01-27T17:58:42Z|proto=tcp, src=45.88.137.100, dst=45.45.148.3, src_port=31550, dst_port=22, action=reject
2022-01-27T18:00:14Z|proto=tcp, src=141.98.10.47, dst=45.45.148.3, src_port=49525, dst_port=22, action=reject
2022-01-27T18:00:38Z|proto=tcp, src=205.185.120.140, dst=45.45.148.3, src_port=57087, dst_port=22, action=reject
2022-01-27T18:16:23Z|proto=tcp, src=141.98.11.16, dst=45.45.148.3, src_port=46170, dst_port=22, action=reject
2022-01-27T18:27:14Z|proto=tcp, src=62.8.79.2, dst=45.45.148.3, src_port=60000, dst_port=22, action=reject
2022-01-27T18:34:16Z|proto=tcp, src=222.187.232.10, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T18:35:39Z|proto=tcp, src=164.90.156.240, dst=45.45.148.3, src_port=48533, dst_port=22, action=reject
2022-01-27T18:50:21Z|proto=tcp, src=85.209.0.186, dst=45.45.148.3, src_port=43024, dst_port=22, action=reject
2022-01-27T18:50:22Z|proto=tcp, src=85.209.0.186, dst=45.45.148.3, src_port=43024, dst_port=22, action=reject
2022-01-27T18:50:24Z|proto=tcp, src=85.209.0.186, dst=45.45.148.3, src_port=43024, dst_port=22, action=reject
2022-01-27T18:50:28Z|proto=tcp, src=85.209.0.186, dst=45.45.148.3, src_port=43024, dst_port=22, action=reject
2022-01-27T18:56:19Z|proto=tcp, src=141.98.11.16, dst=45.45.148.3, src_port=48959, dst_port=22, action=reject
2022-01-27T19:00:56Z|proto=tcp, src=141.98.11.22, dst=45.45.148.3, src_port=54577, dst_port=22, action=reject
2022-01-27T19:15:25Z|proto=tcp, src=46.19.139.18, dst=45.45.148.3, src_port=35562, dst_port=22, action=reject
2022-01-27T19:24:24Z|proto=tcp, src=183.201.193.63, dst=45.45.148.3, src_port=58914, dst_port=22, action=reject
2022-01-27T19:25:12Z|proto=tcp, src=46.19.139.18, dst=45.45.148.3, src_port=33099, dst_port=22, action=reject
2022-01-27T19:28:14Z|proto=tcp, src=104.244.79.120, dst=45.45.148.3, src_port=47220, dst_port=22, action=reject
2022-01-27T19:31:18Z|proto=tcp, src=141.98.11.27, dst=45.45.148.3, src_port=35867, dst_port=22, action=reject
2022-01-27T19:36:44Z|proto=tcp, src=89.248.163.173, dst=45.45.148.3, src_port=52162, dst_port=22, action=reject
2022-01-27T19:39:33Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=41229, dst_port=22, action=reject
2022-01-27T19:40:06Z|proto=tcp, src=164.90.227.119, dst=45.45.148.3, src_port=37707, dst_port=22, action=reject
2022-01-27T19:44:04Z|proto=tcp, src=61.177.172.107, dst=45.45.148.3, src_port=52779, dst_port=22, action=reject
2022-01-27T20:08:48Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=35711, dst_port=22, action=reject
2022-01-27T20:20:49Z|proto=tcp, src=104.129.8.135, dst=45.45.148.3, src_port=33128, dst_port=22, action=reject
2022-01-27T20:20:49Z|proto=tcp, src=34.138.157.247, dst=45.45.148.3, src_port=36362, dst_port=22, action=reject
2022-01-27T20:30:54Z|proto=tcp, src=218.93.208.150, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T20:33:52Z|proto=tcp, src=85.221.160.242, dst=45.45.148.3, src_port=37065, dst_port=22, action=reject
2022-01-27T20:47:07Z|proto=tcp, src=76.177.197.140, dst=45.45.148.3, src_port=34299, dst_port=22, action=reject
2022-01-27T20:48:30Z|proto=tcp, src=222.186.30.76, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T20:50:01Z|proto=tcp, src=180.97.83.146, dst=45.45.148.3, src_port=42594, dst_port=22, action=reject
2022-01-27T20:53:09Z|proto=tcp, src=141.98.10.202, dst=45.45.148.3, src_port=41752, dst_port=22, action=reject
2022-01-27T21:59:41Z|proto=tcp, src=222.186.31.166, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T22:01:30Z|proto=tcp, src=69.163.82.74, dst=45.45.148.3, src_port=46325, dst_port=22, action=reject
2022-01-27T22:12:27Z|proto=tcp, src=141.98.11.16, dst=45.45.148.3, src_port=53722, dst_port=22, action=reject
2022-01-27T22:25:29Z|proto=tcp, src=141.98.10.60, dst=45.45.148.3, src_port=49165, dst_port=22, action=reject
2022-01-27T22:26:58Z|proto=tcp, src=141.98.10.47, dst=45.45.148.3, src_port=38069, dst_port=22, action=reject
2022-01-27T22:39:02Z|proto=tcp, src=45.88.137.253, dst=45.45.148.3, src_port=18498, dst_port=22, action=reject
2022-01-27T22:42:05Z|proto=tcp, src=141.98.11.22, dst=45.45.148.3, src_port=44319, dst_port=22, action=reject
2022-01-27T22:57:42Z|proto=tcp, src=124.79.245.13, dst=45.45.148.3, src_port=46678, dst_port=22, action=reject
2022-01-27T23:02:18Z|proto=tcp, src=49.88.112.109, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T23:13:04Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=34825, dst_port=22, action=reject
2022-01-27T23:25:58Z|proto=tcp, src=141.98.11.16, dst=45.45.148.3, src_port=42361, dst_port=22, action=reject
2022-01-27T23:32:01Z|proto=tcp, src=141.98.11.23, dst=45.45.148.3, src_port=39385, dst_port=22, action=reject
2022-01-27T23:39:44Z|proto=tcp, src=89.248.163.173, dst=45.45.148.3, src_port=46783, dst_port=22, action=reject
2022-01-27T23:40:16Z|proto=tcp, src=221.131.165.65, dst=45.45.148.3, src_port=9090, dst_port=22, action=reject
2022-01-27T23:59:10Z|proto=tcp, src=31.7.57.130, dst=45.45.148.3, src_port=42311, dst_port=22, action=reject

Does that look readable enough?

The tcp6 caught my attention, I’m used to tcp but maybe that’s a Go thing :wink:

When looking at Network ACL configuration - LXD documentation, I was reminded of icmp4 and icmp6 which require a slightly different treatment due to not using ports. Do you have an example output for ICMP?

It’s not a Go thing, it’s an OVN thing. I’m currently passing through the protocol as it’s logged by OVN.

For the source and destination ports, the fields are omitted when not present in the original log.

I’ll try an ICMP ACL to see what OVN will get us in this case.
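An added example, not part of the thread or of LXD's code: a parser for the log format shown above that treats `src_port`/`dst_port` as optional, takes the address family from the address instead of the OVN protocol string (`tcp` vs `tcp6`), and counts rejects per source while folding repeated entries for the same flow. The last sample line is constructed, and its `proto` value and the 10-second window are assumptions.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# First seven lines are copied from the example output in the thread. The last
# line is constructed: the thread shows no port-less entry, so its "icmp"
# protocol string is an assumption, not what OVN is known to log.
SAMPLE = """\
2022-01-27T00:01:51Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=34749, dst_port=22, action=reject
2022-01-27T01:10:23Z|proto=tcp, src=141.98.10.63, dst=45.45.148.3, src_port=38526, dst_port=22, action=reject
2022-01-27T07:37:43Z|proto=tcp6, src=2001:470:1:c84::e3, dst=2602:fc62:a:1::3, src_port=60003, dst_port=22, action=reject
2022-01-27T18:50:21Z|proto=tcp, src=85.209.0.186, dst=45.45.148.3, src_port=43024, dst_port=22, action=reject
2022-01-27T18:50:22Z|proto=tcp, src=85.209.0.186, dst=45.45.148.3, src_port=43024, dst_port=22, action=reject
2022-01-27T18:50:24Z|proto=tcp, src=85.209.0.186, dst=45.45.148.3, src_port=43024, dst_port=22, action=reject
2022-01-27T18:50:28Z|proto=tcp, src=85.209.0.186, dst=45.45.148.3, src_port=43024, dst_port=22, action=reject
2022-01-27T19:00:00Z|proto=icmp, src=192.0.2.10, dst=45.45.148.3, action=reject
""".splitlines()

def parse_line(line):
    """Parse one 'TIMESTAMP|k=v, k=v' entry; return None if it is malformed."""
    ts, _, rest = line.strip().partition("|")
    try:
        fields = dict(kv.split("=", 1) for kv in rest.split(", "))
        entry = {
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "proto": fields["proto"],  # passed through as logged (tcp, tcp6, ...)
            "src": ipaddress.ip_address(fields["src"]),  # .version gives 4 or 6
            "dst": ipaddress.ip_address(fields["dst"]),
            "action": fields["action"],
        }
        for key in ("src_port", "dst_port"):
            # Ports are omitted for protocols without them, so default to None.
            entry[key] = int(fields[key]) if key in fields else None
    except (KeyError, ValueError):
        return None
    return entry

def rejected_attempts(lines, retry_window=10):
    """Count rejects per source, folding repeats of one flow into one attempt."""
    last_seen, counts = {}, Counter()
    for entry in filter(None, map(parse_line, lines)):
        if entry["action"] != "reject":
            continue
        flow = tuple(entry[k] for k in ("proto", "src", "src_port", "dst", "dst_port"))
        prev = last_seen.get(flow)
        last_seen[flow] = entry["time"]
        # Same flow again within the window: treat it as a repeat, not a new attempt.
        if prev is not None and (entry["time"] - prev).total_seconds() <= retry_window:
            continue
        counts[str(entry["src"])] += 1
    return counts

if __name__ == "__main__":
    print(rejected_attempts(SAMPLE).most_common())
```

Keying on the parsed address means a consumer does not need to know every protocol string OVN may emit in order to separate IPv4 from IPv6 sources.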