On Tue, Apr 27, 2004 at 07:26:52PM +0200, Jonas Meurer wrote:
> hello,

Hello,

> After successfully setting up firehol, I get a log message on the
> console I'm currently reading every time a remote machine tries to
> connect to my system. The log looks similar to:
> IN-internet:IN=ppp0 OUT= MAC= SRC=62.75.128.97 DST=217.233.195.51 \
> LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=48754 PROTO=TCP SPT=59028 \
> DPT=321 WINDOW=3072 RES=0x00 SYN URGP=0
>
> internet is the device name in firehol.conf and ppp0 is the interface
> connected to the internet.
> Generally, there is no problem with the log message, but in my opinion
> it would be somehow better to redirect it to a firehol logfile, don't
> you think so?

Hey, do you know the iptables match called ULOG?

ULOG is a kernel module developed by http://www.gnumonks.org/projects/.
It was designed specifically to receive Netfilter's logs.

There are some (small) requirements for using it:

- Kernel >= 2.4.18-pre8
- Compilation option: CONFIG_IP_NF_TARGET_ULOG=m

After compilation, you've got a module ipt_ULOG.o in your
/lib/modules/<'uname -r'>/kernel/net/ipv4/netfilter

Don't forget to install the ulogd daemon too:

    apt-get install ulogd

In order to use it, you must change your iptables ruleset like this
(if you want to log all dropped packets):

    iptables -t filter -P INPUT DROP
    iptables -t filter -A INPUT -p all -j ULOG --ulog-prefix=DROP

Check your logs with:

    tail -f /var/log/ulogd/syslogemu

Excuse me for my poor English ...

Best regards,
@++
Ankill

> I didn't find any information about that in the docs, only about
> loglevel and iptables logging options, but anyway logging to screen
> per default isn't that moderate.
> Is this a bug or a feature? And how can I turn it off?
>
> bye
> jonas
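The kernel LOG line quoted in the thread and the records that ulogd's LOGEMU output writes to /var/log/ulogd/syslogemu share the same key=value body (IN=, OUT=, SRC=, DST=, PROTO=, SPT=, DPT=, followed by bare TCP flag words such as SYN). The following parser is an added example and is not code from the thread, from firehol or from the ulogd project: it splits such lines into fields and tallies dropped TCP SYNs per source and destination port, which is the first thing one wants from a firewall log file once it is no longer scrolling past on the console. All sample records except the one quoted in the thread are constructed here, and the handling of an optional syslog "kernel:" tag in front of the record is an assumption about the log layout rather than something the thread states.

```python
"""Parse netfilter LOG / ULOG (LOGEMU) style records and tally dropped SYNs."""
from collections import Counter

# Constructed sample log. The first record is the line quoted in the thread;
# the other records are made up here for illustration (RFC 5737 addresses).
SAMPLE_LOG = """\
IN-internet:IN=ppp0 OUT= MAC= SRC=62.75.128.97 DST=217.233.195.51 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=48754 PROTO=TCP SPT=59028 DPT=321 WINDOW=3072 RES=0x00 SYN URGP=0
DROP IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=217.233.195.51 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
DROP IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=217.233.195.51 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=2 PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
DROP IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=217.233.195.51 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=UDP SPT=53 DPT=1024 LEN=40
Apr 27 19:30:01 gw kernel: DROP IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=217.233.195.51 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=4 PROTO=TCP SPT=1234 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 27 19:31:00 gw kernel: unrelated message without packet fields
"""


def parse_netfilter_line(line):
    """Return a dict of fields for one record, or None if the line is not one.

    The record body starts at the first "IN=" token.  Everything before it is
    the log prefix (firehol's "IN-internet:" or ULOG's --ulog-prefix value);
    an optional syslog "... kernel:" tag in front of the prefix is dropped
    (assumption about the layout, see lead-in).  KEY=VALUE tokens become dict
    entries and bare words (TCP flags such as SYN, ACK, DF) go into "flags".
    """
    idx = line.find("IN=")
    if idx < 0:
        return None
    prefix = line[:idx].rpartition("kernel:")[2].strip().rstrip(":")
    rec = {"prefix": prefix, "flags": []}
    for tok in line[idx:].split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            # UDP/ICMP records carry a second LEN= for the inner header;
            # keep the first (IP total length) value.
            rec.setdefault(key, val)
        else:
            rec["flags"].append(tok)
    return rec


def summarize_syn_drops(text, top=3):
    """Count logged TCP connection attempts (SYN without ACK) per (SRC, DPT).

    Returns the `top` most frequent pairs as Counter.most_common does; a
    single source hitting many ports, or one port many times, stands out.
    """
    counts = Counter()
    for line in text.splitlines():
        rec = parse_netfilter_line(line)
        if rec is None or rec.get("PROTO") != "TCP":
            continue
        if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
            counts[(rec["SRC"], int(rec["DPT"]))] += 1
    return counts.most_common(top)


if __name__ == "__main__":
    for (src, dpt), n in summarize_syn_drops(SAMPLE_LOG):
        print(f"{n:4d}  {src:>15s} -> port {dpt}")
```

Run it against the real file with `python3 parse_ulog.py < /var/log/ulogd/syslogemu` after swapping SAMPLE_LOG for `sys.stdin.read()`; because the ULOG rule in the thread sits in front of a DROP policy, every record is a packet the firewall refused, so the counts are directly the reconnaissance traffic the original log message was complaining about.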