Re: [iptables] How to both DROP and LOG
From: Mark Newby (mark.newby@ntlworld.com)Date: 05/19/02
- Next message: macefindu: "Re: [iptables] How to both DROP and LOG"
- Previous message: Derek Bradford: "Re: Puresecure portscan history question"
- In reply to: Harry Putnam: "[iptables] How to both DROP and LOG"
- Next in thread: macefindu: "Re: [iptables] How to both DROP and LOG"
- Reply: macefindu: "Re: [iptables] How to both DROP and LOG"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Mark Newby <mark.newby@ntlworld.com> Date: Sun, 19 May 2002 17:58:19 +0100
Harry Putnam wrote:
> Can a single iptables rule be given that will both DROP and LOG attempted
> connections?
>
> Or must it be done like below?
> iptables -I FORWARD -s $host -j DROP
>
> iptables -I FORWARD -s $host -j LOG
>
it has to be the other way around. when you -j LOG, the packet
continues through the chain, so the next one should be -j DROP.
personally, I've got these two as the last two rules in each of my
chains, but Luke's advice to create a dedicated rule that LOGs then
DROPs to be used wherever needed keeps things neeter.
mark
- Next message: macefindu: "Re: [iptables] How to both DROP and LOG"
- Previous message: Derek Bradford: "Re: Puresecure portscan history question"
- In reply to: Harry Putnam: "[iptables] How to both DROP and LOG"
- Next in thread: macefindu: "Re: [iptables] How to both DROP and LOG"
- Reply: macefindu: "Re: [iptables] How to both DROP and LOG"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
