
Re: turning on verbose logging for iptables?



Dave Price wrote:
> My hope is that iptables' log output can give me the clue I need to tell
> the other site what they need to open up on their end to get the
> connection to pass thru.

You may just need something like this:

  iptables -N LOGIT # special chain to log all except fragments

  iptables -A LOGIT -m state --state ESTABLISHED -j RETURN # don't log frags
  iptables -A LOGIT -j LOG
  iptables -A LOGIT -j RETURN

  iptables -I FORWARD -s $sourceIPtoSpy -j LOGIT
  iptables -I FORWARD -d $sourceIPtoSpy -j LOGIT

It will not change anything in your firewall rules except it will log
*everything* (except fragments) from that $sourceIPtoSpy.

Cheers, J.C.
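
Added example, not part of J.C.'s message: a small filter that collapses the lines the LOG rule in the LOGIT chain writes to the kernel log into one line per protocol, address pair and destination port, which is the information to hand to the other site. The sample lines, host name and addresses are constructed, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Constructed sample of kernel log lines in the LOG target's format
# (host name and addresses are made up, taken from documentation ranges).
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 fw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4211 DF PROTO=TCP SPT=40112 DPT=1521 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:04 fw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4212 DF PROTO=TCP SPT=40112 DPT=1521 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:09 fw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=50001 DPT=123 LEN=56
Jan 10 12:00:10 fw kernel: IN=eth1 OUT=eth0 SRC=198.51.100.5 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=7731 DF PROTO=ICMP TYPE=8 CODE=0 ID=2044 SEQ=1
EOF
}

# Read log lines on stdin; print "<count> <proto> <src> -> <dst>:<dport>"
# per distinct flow, so repeated attempts collapse into one line.
summarize_flows() {
  awk '
    / SRC=/ && / PROTO=/ {
      src = dst = proto = dpt = itype = ""
      for (i = 1; i <= NF; i++) {
        # ICMP errors append the offending packet in [...]; stop there
        # so its ports are not mistaken for the outer packet.
        if (substr($i, 1, 1) == "[") break
        split($i, kv, "=")
        if (kv[1] == "SRC")   src   = kv[2]
        if (kv[1] == "DST")   dst   = kv[2]
        if (kv[1] == "PROTO") proto = kv[2]
        if (kv[1] == "DPT")   dpt   = kv[2]
        if (kv[1] == "TYPE")  itype = kv[2]
      }
      key = proto " " src " -> " dst
      if (dpt != "")        key = key ":" dpt        # TCP/UDP: destination port
      else if (itype != "") key = key " type=" itype # ICMP: message type
      count[key]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
  ' | LC_ALL=C sort -k2
}

# Stand-alone run on the constructed sample.
sample_log | summarize_flows
```

On a live firewall, pipe the kernel log (for example the output of dmesg) into summarize_flows instead of sample_log.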

