From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ralph Churchill
Subject: Re: simply confusing
Date: Thu, 23 Jan 2003 12:40:57 -0800 (PST)
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <20030123204057.27229.qmail@web11405.mail.yahoo.com>
Mime-Version: 1.0
Errors-To: netfilter-admin@lists.netfilter.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Maciej Soltysiak
Cc: netfilter@lists.netfilter.org

Well, I added a logging rule before that:

iptables -A INPUT --source 10.11.0.0/16 \
  -j LOG --log-level info --log-prefix "iptables "

But whenever something gets through, it isn't being
logged either... If I do "iptables -L -v", then I see
that both rules (first the LOG, then the DROP) have
the same packet count.

I can try using "-I" instead, but I'd also like to
log, so how would I do that? Am I missing something
fundamental?

RMC

--- Maciej Soltysiak wrote:
> > iptables -A INPUT --source 192.168.0.0/16 -j DROP
> >
> > Now, shouldn't that block any and ALL traffic from any
> > computer on the 192.168.*.* subnet?
> well that is enough to block all packets from that subnet,
> however, maybe you have other rules that accept traffic before
> this rule.
> try -I INPUT to put it at the beginning of the chain.
>
> Regards,
> Maciej Soltysiak
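
Added example, not part of the original message: a simplified Python model of how one chain is walked, covering the rule-order point in the quoted reply and the LOG-plus-DROP question above. The Chain class, the simulate function and the earlier 10.0.0.0/8 ACCEPT rule are assumptions made for illustration; the poster's real ruleset is not shown in the thread.

```python
import ipaddress

class Chain:
    """Simplified model of one iptables chain (source match only)."""
    def __init__(self, policy="ACCEPT"):
        self.rules, self.logged, self.policy = [], [], policy

    def append(self, source, target):            # like: iptables -A
        self.rules.append((ipaddress.ip_network(source), target))

    def insert(self, source, target, pos=1):     # like: iptables -I [pos]
        self.rules.insert(pos - 1, (ipaddress.ip_network(source), target))

    def process(self, src):
        addr = ipaddress.ip_address(src)
        for net, target in self.rules:           # rules are checked top to bottom
            if addr not in net:
                continue
            if target == "LOG":                  # LOG does not end traversal
                self.logged.append(src)
                continue
            return target                        # ACCEPT/DROP: first match wins
        return self.policy

def simulate(mode, packet_src="10.11.3.7"):      # constructed sample address
    chain = Chain()
    # Assumption: a hypothetical earlier rule that already accepts this traffic.
    chain.append("10.0.0.0/8", "ACCEPT")
    if mode == "append":              # -A LOG, then -A DROP
        chain.append("10.11.0.0/16", "LOG")
        chain.append("10.11.0.0/16", "DROP")
    elif mode == "insert_default":    # -I LOG, then -I DROP: DROP lands above LOG
        chain.insert("10.11.0.0/16", "LOG")
        chain.insert("10.11.0.0/16", "DROP")
    elif mode == "insert_positions":  # -I INPUT 1 LOG, then -I INPUT 2 DROP
        chain.insert("10.11.0.0/16", "LOG", 1)
        chain.insert("10.11.0.0/16", "DROP", 2)
    return chain.process(packet_src), chain.logged

if __name__ == "__main__":
    for mode in ("append", "insert_default", "insert_positions"):
        print(mode, simulate(mode))
```

In this model only the run with explicit positions both logs and drops the packet: two plain -I calls put the DROP above the LOG, and appended rules sit below the earlier ACCEPT.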