
renamed to troubleshoot.log & KDE connect & more clutter rules

tBKwtWS 6 vuotta sitten
vanhempi
sitoutus
956cfb7b0b
2 muutettua tiedostoa jossa 7 lisäystä ja 5 poistoa
  1. 6 4
      iptables.up.rules
  2. 1 1
      rsyslog.d/30-iptables.conf

+ 6 - 4
iptables.up.rules

@@ -137,20 +137,23 @@
 -A INPUT -p tcp -m tcp --sport 1716 --dport 59442 -j ACCEPT -m comment --comment "KDE Conect"
 -A INPUT -d 255.255.255.255 -p udp -m udp --sport 32768:65535 --dport 1716 -j ACCEPT -m comment --comment "KDE Connect"
 -A INPUT -d 224.0.0.1 -j ACCEPT -m comment --comment "Multicast: All hosts, used by KDE Connect"
--A OUTPUT -p tcp -m tcp --sport 49152:65535 --dport 1716 -j ACCEPT -m comment --comment "KDE Connect"
+-A OUTPUT -p tcp -m tcp --sport 32768:65535 --dport 1716 -j ACCEPT -m comment --comment "KDE Connect"
 #-A INPUT -p udp -m udp --sport 57621 --dport 57621 -j ACCEPT
 #-A INPUT -d 224.0.0.251 -p udp -m udp --sport 5353 --dport 5353 -j ACCEPT -m comment --comment "KDE Connect"
 #-A OUTPUT -p udp -m udp --sport 1716 --dport 1716
+-A OUTPUT -p tcp -m tcp --sport 32768:65535 --dport 1739 -j ACCEPT -m comment --comment "KDE Connect" 
 
 # Attacks, crawls, scans, etc to clutter chain
 -A INPUT -p icmp -j clutter
 -A INPUT -s 0.0.0.0 -d 255.255.255.255 -j clutter -m comment --comment "Broadcast messages"
--A INPUT -d 224.0.0.1 -j clutter -m comment --comment "Multicast: All hosts"
+-A INPUT -d 224.0.0.1 -p igmp -j clutter -m comment --comment "Multicast: All hosts"
+-A OUTPUT -d 224.0.0.22 -p igmp -j clutter -m comment --comment "Multicast"
 -A INPUT -p udp -m udp --dport 19 -j clutter -m comment --comment "Character generator, looping to echo = DDoS"
 -A INPUT -p tcp -m tcp --dport 23 -j clutter
 -A INPUT -p udp -m udp --dport 53 -j clutter
 -A INPUT -p udp -m udp --dport 111 -j clutter -m comment --comment "Probe/fingerprint Nix OS"
--A INPUT -p udp -m udp --sport 137 --dport 137 -m comment --comment "NETBIOS Name Service"
+-A INPUT -p udp -m udp --sport 137 --dport 137 -j clutter -m comment --comment "NETBIOS Name Service"
+-A INPUT -p udp -m udp --sport 138 --dport 138 -j clutter -m comment --comment "NETBIOS Datagram Service"
 -A INPUT -p tcp -m tcp --dport 445 -j clutter -m comment --comment "MS-DS active directory"
 -A INPUT -p tcp -m tcp --dport 2323 -j clutter -m comment --comment "3d-nfsd"
 -A INPUT -p udp -m udp --dport 5060 -j clutter
@@ -158,7 +161,6 @@
 -A INPUT -p tcp -m tcp --dport 3389 -j clutter -m comment --comment "MS terminal server RDP"
 -A INPUT -p udp -m udp --sport 57621 --dport 57621 -j clutter -m comment --comment "Spotify client P2P"
 
-
 #-A INPUT -d 255.255.255.255 -p tcp -m tcp --sport 67 --dport 68 -j clutter -m comment --comment "DHCP"
 #-A INPUT -m iprange --dst-range 185.66.250.254-185.66.250.255 -j clutter
 #-A INPUT -m mac --mac-source d4:ca:6d:74:87:0d -j clutter
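Review bot: The added `-A INPUT -d 224.0.0.1 -p igmp -j clutter` rule in the first hunk is unreachable, because the unchanged `-A INPUT -d 224.0.0.1 -j ACCEPT -m comment --comment "Multicast: All hosts, used by KDE Connect"` rule earlier in the same hunk has no protocol match and accepts every packet to 224.0.0.1 before the clutter rule is evaluated (iptables walks a chain in order and ACCEPT is terminating). If IGMP to the all-hosts group is meant to be logged as clutter, either move the clutter rule above the ACCEPT or narrow the ACCEPT, e.g. `-A INPUT -d 224.0.0.1 -p udp -j ACCEPT -m comment --comment "Multicast: All hosts, used by KDE Connect"`, assuming KDE Connect only needs UDP there — confirm against the discovery traffic before narrowing. The new OUTPUT rule for `--dport 1739` ends with a trailing space after the closing quote; iptables-restore tolerates it, but it is worth trimming for consistency with the surrounding lines. The INPUT/OUTPUT chain policies and the definition of the `clutter` chain lie outside both hunks, so whether `clutter` logs or drops cannot be checked here.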

+ 1 - 1
rsyslog.d/30-iptables.conf

@@ -10,7 +10,7 @@ if  ($syslogfacility-text == 'kern') and ($msg contains ' iptables rejected') th
 #if  ($syslogfacility-text == 'kern') and ($msg contains ' iptables ' and $msg contains ' DHCP') then    -/var/log/iptables/dhcp.log
 #    &   ~
 
-if  ($syslogfacility-text == 'kern') and ($msg contains ' iptables dropped' or $msg contains ' iptables rejected') then    -/var/log/iptables/block.log
+if  ($syslogfacility-text == 'kern') and ($msg contains ' iptables dropped' or $msg contains ' iptables rejected') then    -/var/log/iptables/troubleshoot.log
 #    &   ~
 
 if  ($syslogfacility-text == 'kern') and ($msg contains ' iptables clutter') then    -/var/log/iptables/clutter.log