iptable coding style
Hi,
I'm sorry, this is rather a kind of newbie question, but there's nearly
no traffic on this list and I'm very busy these days, and I just
think perhaps someone could answer my questions within a few seconds
where I'd need hours to search the manuals...
This is a simple small PC homenet (mixed wlan / lan) and the router
shipped with a standard firewall which is activated, but I still track
the traffic on my PC, both for learning and also to recognize trojans
and the like on the others' windows boxes - I couldn't discourage them
from emule and they are not very careful, and we already had some router
'DOS' issues with botted machines
... this is a students' dormitory :P
I managed to set up the router's syslog forwarding. However, that's much
traffic (with up to 10 hits/s from outside) which I still had to sort
out. Instead, as a compromise, the router mails log summaries now to my
local exim.
The matching iptables on my PC are,
-A INPUT -p tcp -m mac --mac-source 00:13:49:05:FE:27 -m tcp --dport 25 -j LOG --log-prefix "__MAIL__" --log-level 7
-A INPUT -p tcp -m mac --mac-source 00:13:49:05:FE:27 -m tcp --dport 25 -j ACCEPT
and I'd like the kernel to leave the processing chain here, since
else the same stuff gets logged as a general 'hit' a second time.
How can I do that?
And there's a line for blocking non-local TCP like
iptables -A INPUT -p tcp --dport $param1 -s ! 127.0.0.1 -j REJECT
and by now I invoke this line with every port separately ... is it also
possible to specify a port list like 21,22,80,111,631,866,8080,8081
in one iptables command line?
This is a Debian testing/unstable, iptables v1.3.3, kernel 2.6.13.2
(customized)
TIA
micha
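One way to structure the two rule sets the post asks about, as an added example that is not micha's configuration: a user-defined chain that logs and then accepts (ACCEPT is a terminating target, so a packet handled there never reaches later INPUT rules such as a general 'hit' LOG rule), and a single multiport rule for the whole port list. The MAC address and the port list are the ones quoted in the post; the script only prints the iptables commands so it can be reviewed without root.

```shell
# Added example, not the poster's rules. Values below are taken from the
# post (router MAC, port list); nothing here is loaded into the kernel.
MAIL_MAC=00:13:49:05:FE:27
LOCAL_ONLY_PORTS=21,22,80,111,631,866,8080,8081

# Number of comma-separated ports in a list (multiport takes at most 15).
count_ports() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -c .
}

# Returns 0 when the list fits into one -m multiport --dports rule.
fits_multiport() {
    [ "$(count_ports "$1")" -le 15 ]
}

# Print the iptables commands instead of running them, so the result can
# be inspected (or piped into "sh" later) without root privileges.
gen_rules() {
    # Dedicated chain: LOG first, then ACCEPT. Because ACCEPT ends the
    # traversal of INPUT, mail from the router is logged exactly once and
    # never falls through to a generic LOG rule placed later in INPUT.
    echo "iptables -N MAIL_IN"
    echo "iptables -A MAIL_IN -j LOG --log-prefix \"__MAIL__\" --log-level 7"
    echo "iptables -A MAIL_IN -j ACCEPT"
    echo "iptables -A INPUT -p tcp -m mac --mac-source $MAIL_MAC -m tcp --dport 25 -j MAIL_IN"

    # One rule for all local-only ports. The "-s ! 127.0.0.1" spelling is
    # the negation syntax of the iptables 1.3 series used in the post.
    if fits_multiport "$LOCAL_ONLY_PORTS"; then
        echo "iptables -A INPUT -p tcp -m multiport --dports $LOCAL_ONLY_PORTS -s ! 127.0.0.1 -j REJECT"
    else
        echo "# too many ports for one multiport rule, split the list" >&2
        return 1
    fi
}

gen_rules
```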