
Re: why is DENY not enough?



On Tue, Jul 20, 2004 at 02:08:31PM -0400, Steve Melo wrote:
> Thank you all for your quick responses.  I was not aware that iptables had
> logging functionality.  How does this work? what would a logging rule look
> like and how can the logs be viewed?

Example from my iptables firewall shell script:

---snip---
# Create a (log+drop) chain
iptables -N eth2_in_last
iptables -A eth2_in_last -j LOG --log-level info --log-prefix "IPTABLES: drop-in "
iptables -A eth2_in_last -j DROP
---snap---

The above creates a new chain "eth2_in_last" which first sends a log
entry to the syslog (kern.log) and then DROPs the IP packet.

---snip---
iptables -A INPUT -i eth2 -j eth2_in_last
---snap---

The above calls my own chain for all packets in the INPUT chain from
interface eth2.

So basically you can create new chains to get new actions. Or the other
way round: you can collect multiple actions to create a new target
definition.

Hope this makes it clear.

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
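The question also asked how the logs can be viewed. The LOG target writes one kernel message per packet, carrying the configured --log-prefix followed by KEY=VALUE fields such as IN=, SRC=, DST=, PROTO= and DPT=. The script below is an added example, not part of Christoph's mail or any project: it reads kern.log-style lines from stdin, keeps only those tagged with the "IPTABLES: drop-in " prefix from the chain above, and summarises which sources and destination ports are being dropped most. The log lines embedded in SAMPLE_LOG are constructed samples in the LOG target's output format (addresses from the documentation ranges); the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original mail): summarise kern.log lines
# written by the iptables LOG target with the prefix "IPTABLES: drop-in ".
# Usage on a real system:   drop_lines < /var/log/kern.log
#                           top_sources < /var/log/kern.log
#                           count_drops_to_port 22 < /var/log/kern.log

# Constructed sample of kern.log content. Four lines come from the LOG
# target, one is an unrelated kernel message that must be filtered out.
SAMPLE_LOG='Jul 20 14:10:01 fw kernel: IPTABLES: drop-in IN=eth2 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 14:10:02 fw kernel: IPTABLES: drop-in IN=eth2 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=44322 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 14:10:03 fw kernel: IPTABLES: drop-in IN=eth2 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 20 14:10:04 fw kernel: IPTABLES: drop-in IN=eth2 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=44323 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 14:10:05 fw kernel: eth2: link up, 100Mbps, full-duplex'

# Keep only the lines produced by the log+drop chain (matches the
# --log-prefix given to the LOG target).
drop_lines() {
    grep 'IPTABLES: drop-in '
}

# Count dropped packets per source address, most frequent first.
# Output format: "<count> <SRC address>" per line.
top_sources() {
    drop_lines | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) n[substr($i, 5)]++
    } END {
        for (ip in n) printf "%d %s\n", n[ip], ip
    }' | sort -rn
}

# Count dropped packets whose destination port equals $1.
count_drops_to_port() {
    drop_lines | awk -v p="$1" '{
        for (i = 1; i <= NF; i++)
            if ($i == "DPT=" p) c++
    } END { print c + 0 }'
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | top_sources
printf 'drops to port 22: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_drops_to_port 22)"
```

On a live firewall the same functions can be fed from /var/log/kern.log (or wherever syslog routes the kern facility at the "info" level used in the LOG rule). Because every matching packet produces a log line, a chain like this on a busy interface can fill the disk or hide real problems in noise; the usual counter-measure is to put a rate limit in front of the LOG rule (the iptables limit match) or to log only the first packet of a connection rather than every packet.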


