Hi! With ipchains I could have a rule like this: ipchains -A INPUT ... -j DENY -l <- and because of the "-l" I had log messages for this rule in my /var/log/messages. How can this be done with iptables? Bye.
On Thu, May 24, 2001 at 04:13:50PM +0200, da_bug wrote:
Hi!
With ipchains I could have a rule like this: ipchains -A INPUT ... -j DENY -l <- and because of the "-l" I had log messages for this rule in my /var/log/messages.
iptables -A INPUT -j LOG
Optionally you can use: --log-level or --log-prefix ".."
cya, Marco
--
adconsys AG, Karl-Liebknecht-Str. 19, 04107 Leipzig/Germany
phone: +49-341-98-474-0  fax: +49-341-98-474-59
url: http://www.adconsys.de/  gpg key: mail -s "get gpg key" marco.ahrendt@adconsys.de
Hi!
With ipchains I could have a rule like this: ipchains -A INPUT ... -j DENY -l <- and because of the "-l" I had log messages for this rule in my /var/log/messages.
MA> iptables -A INPUT -j LOG
When I use this rule, I get *all* logging information about incoming traffic. But I want just the information about the incoming traffic that is denied. In ipchains I did that for example like this: "ipchains -A INPUT -p tcp -d 0.0.0.0/0 23 -j DENY -l" - now I see all (denied) tries to make a telnet connection. ..so how can I do this with Netfilter/Iptables? Bye.
Hi,
With ipchains I could have a rule like this: ipchains -A INPUT ... -j DENY -l <- and because of the "-l" I had log messages for this rule in my /var/log/messages.
MA> iptables -A INPUT -j LOG
When I use this rule, I get *all* logging information about incoming traffic. But I want just the information about the incoming traffic that is denied. In ipchains I did that for example like this: "ipchains -A INPUT -p tcp -d 0.0.0.0/0 23 -j DENY -l" - now I see all (denied) tries to make a telnet connection.
I think you have to use 2 rules. One for logging, one for dropping the packet. At the first look this seems uncomfortable, but it is a powerful feature. Try:
ipchains -A INPUT -p tcp -d 0.0.0.0/0 23 -j LOG --log-level warning --log-prefix "Telnet connect!"
ipchains -A INPUT -p tcp -d 0.0.0.0/0 23 -j DROP
Bye, Bodo
ipchains -A INPUT -p tcp -d 0.0.0.0/0 23 -j LOG --log-level warning --log-prefix "Telnet connect!"
ipchains -A INPUT -p tcp -d 0.0.0.0/0 23 -j DROP
If you have a default policy of drop, you can simply have rules for what you allow, and finally a catch-all logging rule last, before the packets are dropped off the end of the chain. It seems to be more in tune with the philosophy of logging everything that gets through the rules. Rob
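The two approaches in this thread, Bodo's LOG-then-DROP pair for one port and Rob's default-deny chain with a single catch-all LOG as the last rule, written out as an added shell example (this is not code from any of the posters). It assumes iptables with the LOG target plus the state and limit matches, and kernel messages landing in /var/log/messages; setting IPT=echo prints the rules instead of installing them, and the log lines in sample_log are constructed to match the LOG target's format, not captured from a real system.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes iptables with the LOG target,
# the state and limit matches, and kernel messages reaching syslog.
# IPT=echo prints the rules instead of installing them (dry run, no root needed).
IPT="${IPT:-iptables}"

# Bodo's two-rule pattern: LOG is non-terminating, so a matching packet is
# written to the log by the first rule and then falls through to the second,
# identical match, which drops it. Only packets about to be dropped get logged.
log_and_drop() {
    proto="$1"; port="$2"; prefix="$3"
    $IPT -A INPUT -p "$proto" --dport "$port" \
        -j LOG --log-level warning --log-prefix "$prefix"
    $IPT -A INPUT -p "$proto" --dport "$port" -j DROP
}

# Rob's layout: policy DROP, explicit ACCEPT rules, then one catch-all LOG as
# the very last rule, so everything falling off the end of the chain is logged
# exactly once. The limit match keeps a flood from filling /var/log/messages.
default_deny_with_catchall() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-level warning --log-prefix "INPUT-DROP: "
}

# Constructed sample of what the kernel writes for the LOG target (the prefix
# comes first, then IN=/OUT=/SRC=/DST=/PROTO=/SPT=/DPT= fields). Not a capture.
sample_log() {
    cat <<'EOF'
May 24 16:20:01 gw kernel: Telnet connect: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=23 SYN
May 24 16:20:02 gw kernel: INPUT-DROP: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=UDP SPT=5353 DPT=5353
May 24 16:20:03 gw sshd[123]: Accepted publickey for admin from 192.0.2.20
EOF
}

# Pull out only the lines a given LOG rule produced, selected by its prefix.
# This is what answers the original question: denied traffic, nothing else.
denied_lines() {
    grep -F -- "$1" "${2:-/var/log/messages}"
}

# Dry run from a shell:  sh this_script.sh preview
case "${1:-}" in
    preview)
        IPT=echo
        log_and_drop tcp 23 "Telnet connect: "
        default_deny_with_catchall
        ;;
esac
```

The prefix is the key to answering the question as asked: a rule-specific --log-prefix makes each LOG rule's lines distinguishable in syslog, so grepping for "Telnet connect: " returns exactly the denied telnet attempts, while the unprefixed "iptables -A INPUT -j LOG" from the first reply logs every incoming packet that reaches it.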
participants (4): Bodo Meseke, da_bug, Marco Ahrendt, Robert Davies