Logging only the first 20 packets of a new connection

Logging only the first 20 packets of a new connection

[Deepak Seshadri]

Hello everybody,

Could someone suggest how would I log only the first 15 or 20 packets of any
new connection?

Thanks in advance,

Deepak Seshadri

Re: Logging only the first 20 packets of a new connection

[Michael Gale]

Hello,

	I think you could use mark and limit to come up with something ... but 
why on the first 20 packets ??

I have a rule that logs all SYN packets coming from a certain end point 
that SNAT's ... so we can later track with PC made the connection if needed.

Michael.



Deepak Seshadri wrote:
> Hello everybody,
> 
> Could someone suggest how would I log only the first 15 or 20 packets of any
> new connection?
> 
> Thanks in advance,
> 
> Deepak Seshadri
> 
> 
> 

-- 
Michael Gale
Lan Administrator
Utilitran Corp.

I make better friends with those who think for them selves

Re: Logging only the first 20 packets of a new connection

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 721 bytes --]

On Fri, Jan 07, 2005 at 01:29:28PM -0500, Deepak Seshadri wrote:
> Hello everybody,
> 
> Could someone suggest how would I log only the first 15 or 20 packets of any
> new connection?

this should now be possible using ipt_connbytes.

iptables -A FORWARD -j ULOG -m connbytes --connbytes 0:15 --connbytes-dir both --connbytes-mode packets

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]