Re: turning on verbose logging for iptables?

To: Jean Christophe ANDR?? <jean-christophe.andre@auf.org>, Debian Firewall List <debian-firewall@lists.debian.org>
Subject: Re: turning on verbose logging for iptables?
From: Dave Price <davep@kinaole.org>
Date: Wed, 17 Jul 2002 07:45:07 -0600
Message-id: <[🔎] 20020717074507.E15194@kinaole.org>
In-reply-to: <[🔎] 20020717133331.GB10321@virus.home>; from jean-christophe.andre@auf.org on Wed, Jul 17, 2002 at 08:33:31PM +0700
References: <[🔎] 20020717072527.B15194@kinaole.org> <[🔎] 20020717133331.GB10321@virus.home>

On Wed, Jul 17, 2002 at 08:33:31PM +0700, Jean Christophe ANDR?? wrote:
> 
> You may just need something like this :
> 
>   iptables -N LOGIT # special chain to log all except fragments
> 
>   iptables -A LOGIT -m state --state ESTABLISHED -j RETURN # don't log frags
>   iptables -A LOGIT -j LOG
>   iptables -A LOGIT -j RETURN
> 
>   iptables -I FORWARD -s $sourceIPtoSpy -j LOGIT
>   iptables -I FORWARD -d $sourceIPtoSpy -j LOGIT
> 
> It will not change anything in your firewall rules except it will log
> *everything* (except fragments) from that $sourceIPtoSpy.

Thanks!

Do I 'hard code' the sourceIPtoSpy ? ... Should that be the system
inside my LAN, or the remote VPN router?

aloha,
dave


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: turning on verbose logging for iptables?
  - From: Jean Christophe ANDRÃ? <jean-christophe.andre@auf.org>

References:
- turning on verbose logging for iptables?
  - From: Dave Price <davep@kinaole.org>
- Re: turning on verbose logging for iptables?
  - From: Jean Christophe ANDRÃ? <jean-christophe.andre@auf.org>

Prev by Date: Re: turning on verbose logging for iptables?
Next by Date: Re: turning on verbose logging for iptables?
Previous by thread: Re: turning on verbose logging for iptables?
Next by thread: Re: turning on verbose logging for iptables?
Index(es):
- Date
- Thread