Re: IPTABLES
A long time ago, in a galaxy far, far away, someone said...
> How do I get iptables to log packets that it DROPs?
No way directly. When I need to log packets I use two nearly identical
iptables statements, like so when I block outgoing NetBIOS packets:
iptables -A OUTPUT -p tcp --dport 137:139 -j LOG
iptables -A OUTPUT -p tcp --dport 137:139 -j DROP
iptables -A OUTPUT -p udp --dport 137:139 -j LOG
iptables -A OUTPUT -p udp --dport 137:139 -j DROP
--
----------------------------------------------------------------------
Phil Brutsche pbrutsch@tux.creighton.edu
GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
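
The paired LOG/DROP rules above can be collapsed into one user-defined chain that logs and then drops, so each blocked port range needs only a single jump rule. This is an added example, not part of the original message; the chain name LOGDROP, the log prefix and the 5/min log rate limit are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: a reusable "log, then drop" chain.
# LOGDROP, the prefix text and the rate limit are illustrative assumptions.

# Print the commands that build the chain. LOG is a non-terminating
# target, so after logging the packet falls through to the DROP rule.
# The limit match throttles log entries only; every packet is still dropped.
logdrop_chain() {
    chain=$1 prefix=$2 rate=${3:-5/min}
    echo "iptables -N $chain"
    echo "iptables -A $chain -m limit --limit $rate -j LOG --log-prefix \"$prefix \" --log-level 4"
    echo "iptables -A $chain -j DROP"
}

# Print one jump rule per protocol for a destination port range on OUTPUT.
block_ports() {
    chain=$1 ports=$2
    for proto in tcp udp; do
        echo "iptables -A OUTPUT -p $proto --dport $ports -j $chain"
    done
}

# The NetBIOS case from the message: ports 137-139, both protocols.
ruleset() {
    logdrop_chain LOGDROP "NETBIOS-OUT"
    block_ports LOGDROP 137:139
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to run them.
if [ "${APPLY:-0}" = 1 ]; then
    ruleset | sh -e
else
    ruleset
fi
```

Order matters: if the DROP rule came first in the chain, the LOG rule would never be reached.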