Hi,
With ipchains I could have a rule like this: ipchains -A INPUT ... -j DENY -l <- and because of the "-l" I had log-messages of this rule in my /var/log/messages.
MA> iptables -A INPUT -j LOG
When I use this rule, I get *all* logging-informations about incoming traffic. But I want just the informations about the incoming traffic that is denied. In ipchains I did that for example like this: "ipchains -A INPUT -p tcp -d 0.0.0.0/0 23 -j DENY -l" - now I see all (denied) trys to make a telnet-connection.
I think you have to use 2 rules. One for logging, on for dropping the packet. At the first look this seems uncomfortable, but it is a powerful feature. Try: ipchains -A INPUT -p tcp -d 0.0.0.0/0 23 -j LOG --log-level warning --log-prefix "Telnet connect!" ipchains -A INPUT -p tcp -d 0.0.0.0/0 23 -j DROP Bye, Bodo