From: "Leonardo Rodrigues" <leolistas@solucoesip.net>
To: Antony Stone <Antony@Soft-Solutions.co.uk>, netfilter@lists.samba.org
Subject: Re: How to ACCEPT or DENY or DROP and also LOG in the same rule ?
Date: Thu, 4 Jul 2002 12:18:52 -0300
Message-ID: <019b01c2236e$1b62cdf0$3201a8c0@leonardo>
In-Reply-To: 200207041500.g64F0sU32109@vulcan.rissington.net

Short answer: you can't. The ipchains '-l' option doesn't exist in iptables.

Workaround: if you really need this to be done in one rule, you can
create a chain with those two commands and then use it.

    iptables -N log_drop
    iptables -A log_drop -j LOG --log-prefix "blabla: " .....
    iptables -A log_drop -j DROP

Then, in your other chains, when you need something to be dropped and
logged, you can do:

    iptables -A INPUT -s something -d someaddress -j log_drop

This meets your 'requirements', as you're logging and dropping in the
SAME rule and you won't have unnecessary rules, as the 'log and drop' will be
created just once.

Of course, '-j log_drop' can be used all the times you need it .....

This should do the trick ..... in fact, you'll HAVE to do something like
this, as ipchains '-l' really doesn't exist here.

I think you should think about how good this can be. For example, I have a
firewall script based on iptables and I have lots of 'log drop' rules. Each
one of them has a special log-prefix setting. I use each one of them in
different situations, so my log shows exactly the dropped packet and WHERE
it was dropped (log-prefix). I can easily know if a packet was dropped on
the forward rule, input rule ......

Sincerely,
Leonardo Rodrigues

----- Original Message -----
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.samba.org>
Sent: Thursday, July 04, 2002 12:00 PM
Subject: Re: How to ACCEPT or DENY or DROP and also LOG in the same rule ?
> On Thursday 04 July 2002 3:54 pm, Ed Street wrote:
>
> > Hello,
> >
> > Actually you can:
> > Rule #1 is to log
> > Rule #2 is to deny
>
> The original question was: I want to both DENY and LOG *in the same rule*.
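
Added example, not part of the original message: one log-and-drop chain per place a packet can be dropped, each with its own --log-prefix as described above, plus a summary of a kernel log by prefix. The chain names, prefixes, addresses and log lines are constructed for illustration; the iptables commands are printed rather than executed, and the length check reflects the LOG target's 29-character limit on --log-prefix.

```sh
#!/bin/sh
# Added example; chain names, prefixes and log lines are constructed.
# The iptables commands are printed for review, not executed.

# Print the commands for one log-and-drop chain.
# $1 = chain name, $2 = log prefix (the LOG target allows at most 29 chars).
log_drop_rules() {
    chain=$1
    prefix=$2
    if [ "${#prefix}" -gt 29 ]; then
        echo "prefix too long for --log-prefix: $prefix" >&2
        return 1
    fi
    printf 'iptables -N %s\n' "$chain"
    printf 'iptables -A %s -j LOG --log-prefix "%s"\n' "$chain" "$prefix"
    printf 'iptables -A %s -j DROP\n' "$chain"
}

# Constructed kernel log lines as the LOG target would write them.
sample_log() {
    cat <<'EOF'
Jul  4 12:18:01 fw kernel: DROP-INPUT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP SPT=4321 DPT=23
Jul  4 12:18:07 fw kernel: DROP-FORWARD: IN=eth0 OUT=eth1 SRC=192.0.2.11 DST=198.51.100.9 PROTO=TCP SPT=4400 DPT=139
Jul  4 12:18:09 fw kernel: DROP-INPUT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=UDP SPT=4322 DPT=161
EOF
}

# Read log lines on stdin; print "<prefix> <count>" for each prefix seen,
# i.e. how many packets each log-and-drop chain dropped.
drops_by_prefix() {
    sed -n 's/^.*kernel: \(.*\) IN=.*$/\1/p' |
        LC_ALL=C sort | uniq -c | awk '{ print $2, $1 }'
}

# One chain per place a packet can be dropped, each with its own prefix.
log_drop_rules log_drop_input "DROP-INPUT: "
log_drop_rules log_drop_forward "DROP-FORWARD: "
echo 'iptables -A INPUT -s 192.0.2.0/24 -j log_drop_input'
echo 'iptables -A FORWARD -d 198.51.100.9 -j log_drop_forward'
sample_log | drops_by_prefix
```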