You need to log before dropping. > $IPTABLES -N syn-flood > $IPTABLES -A syn-flood -m limit --limit 50/s --limit-burst 104 -j RETURN $IPTABLES -A syn-flood -j LOG --log-prefix "DROPPED SYNFLOOD PKT: " > $IPTABLES -A syn-flood -j DROP > $IPTABLES -A OUTPUT -p tcp --syn -j syn-flood