Re: how to use -j DROPLOG in iptables?

To: debian-security@lists.debian.org, debian-user@lists.debian.org
Subject: Re: how to use -j DROPLOG in iptables?
From: Vineet Kumar <debian-user@virtual.doorstop.net>
Date: Thu, 9 May 2002 10:45:45 -0700
Message-id: <[🔎] 20020509174545.GB816@doorstop.net>
Mail-followup-to: debian-security@lists.debian.org, debian-user@lists.debian.org
In-reply-to: <[🔎] 20020509112329.3FAA.PAHUD@pahud.net>
References: <[🔎] 20020509112329.3FAA.PAHUD@pahud.net>

* Patrick Hsieh (pahud@pahud.net) [020508 20:24]:
> Hello,
> 
> When I use -j DROPLOG in iptables, my woody complains:
> iptables v1.2.6a: Couldn't load target `DROPLOG':/lib/iptables/libipt_DROPLOG.so: cannot open shared object file: No such file or directory
> 
> Try `iptables -h' or 'iptables --help' for more information.
> 

I've never seen DROPLOG; it's some kind of extension, no? What I have
seen people do is something like this:

iptables -N logndrop
iptables -A logndrop -j LOG
iptables -A logndrop -j DROP

and then use -j logndrop wherever they want to log and drop a packet.

Personally, I don't find it too much trouble to specify 2 lines (a log
and a drop) each time I want to discard a packet. It gives me the added
benefit of specifying a separate --log-prefix for each place in my
filter that things are dropped.

good times,
Vineet
-- 
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume.shtml

Attachment: pgpSjpfz17FHS.pgp
Description: PGP signature

Reply to:

References:
- how to use -j DROPLOG in iptables?
  - From: Patrick Hsieh <pahud@pahud.net>

Prev by Date: Re: register_globals in php4
Next by Date: Try with it....
Previous by thread: Re: how to use -j DROPLOG in iptables?
Next by thread: Fixing file system privileges
Index(es):
- Date
- Thread