[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables logging

Jeff Coppock wrote on Sat Jul 21, 2001 at 10:59:08PM:
>    What does syslog recognize as iptables log messages?  I tried
>    putting iptable.* in syslog.conf, but I'm not seeing messages.

You need to tell iptables which packages should be logged. For example:

iptables -N log # This table logs and hands package over to "delete"
iptables -N delete - This table rejects anything

iptables -A INPUT <RULE> -j log # Rule to be logged
iptables -A INPUT <RULE> -j delete # Rule not to be logged

iptables -A log -j LOG --log-prefix "Rejected: " # be verbose in syslog
iptables -A log -j delete # hand over package to "delete"

iptables -A delete -j REJECT # gracefully reject package

It would be bad to have iptables log everything by default --> man DOS

Matthias Richter --+- stud. soz. & inf. -+-- http://www.uni-leipzig.de
-->    GPG Public Key: http://www.matthias-richter.de/gpg.ascii    <--

· Projekt Deutscher Wortschatz: <URL:http://wortschatz.uni-leipzig.de>

Attachment: pgp6UZvHG5rHA.pgp
Description: PGP signature

Reply to: