Re: iptables logging
On Sun, Jul 22, 2001 at 08:18:34AM +0200, Matthias Richter wrote:
> You need to tell iptables which packages should be logged. For example:
>
> iptables -N log # This table logs and hands package over to "delete"
> iptables -N delete # This table rejects anything
>
> iptables -A INPUT <RULE> -j log # Rule to be logged
> iptables -A INPUT <RULE> -j delete # Rule not to be logged
>
> iptables -A log -j LOG --log-prefix "Rejected: " # be verbose in syslog
> iptables -A log -j delete # hand over package to "delete"
>
> iptables -A delete -j REJECT # gracefully reject package
>
> It would be bad to have iptables log everything by default --> man DOS
No, not really: you can use the limit module and define the maximum rate
at which you choose to LOG matching entries.
--
++ytti
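
The limit match mentioned in the reply, applied to the chains quoted above, as an added example that is not part of the original thread. The `IPT` variable, the function names and the 5/minute rate with a burst of 10 are assumptions of this example, and `simulate_logged` is a simplified token-bucket model of the limit match, not its actual implementation.

```shell
#!/bin/sh
# Added example: rate-limited logging for the "log"/"delete" chains.
# IPT is an assumption of this example: set IPT=echo to print the rules
# instead of applying them (applying needs root).
IPT="${IPT:-iptables}"

apply_rules() {
    # $1 = sustained rate (e.g. 5/minute), $2 = burst size
    $IPT -N log
    $IPT -N delete
    # LOG only while the bucket has credit. LOG is non-terminating, and when
    # the limit match fails the rule is skipped, so every packet still
    # reaches "delete" whether or not it was logged.
    $IPT -A log -m limit --limit "$1" --limit-burst "$2" \
         -j LOG --log-prefix "Rejected: "
    $IPT -A log -j delete
    $IPT -A delete -j REJECT
    # The INPUT rules that jump to "log" are site-specific and omitted here.
}

simulate_logged() {
    # Simplified token bucket: $1 = tokens per minute, $2 = burst,
    # $3 = matching packets per second, $4 = seconds. Prints lines logged.
    # Credit is kept in 1/60-token units so integer arithmetic is enough.
    rate=$1; pps=$3; secs=$4
    cap=$(( $2 * 60 )); credit=$cap; logged=0; t=0
    while [ "$t" -lt "$secs" ]; do
        n=$(( credit / 60 ))                  # whole tokens available now
        if [ "$n" -gt "$pps" ]; then n=$pps; fi
        logged=$(( logged + n ))
        credit=$(( credit - n * 60 + rate ))  # spend, then refill for 1 s
        if [ "$credit" -gt "$cap" ]; then credit=$cap; fi
        t=$(( t + 1 ))
    done
    echo "$logged"
}

case "${1:-}" in
    apply)    apply_rules "${2:-5/minute}" "${3:-10}" ;;
    simulate) simulate_logged "${2:-5}" "${3:-10}" "${4:-1000}" "${5:-60}" ;;
esac
```

Under this model, a one-minute flood of 1000 matching packets per second produces 14 log lines at 5/minute with a burst of 10, while every packet is still rejected.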