* Logging only the first 20 packets of a new connection
@ 2005-01-07 18:29 Deepak Seshadri
2005-01-07 19:46 ` Michael Gale
2005-02-01 14:27 ` Harald Welte
0 siblings, 2 replies; 3+ messages in thread
From: Deepak Seshadri @ 2005-01-07 18:29 UTC (permalink / raw)
To: netfilter
Hello everybody,
Could someone suggest how would I log only the first 15 or 20 packets of any
new connection?
Thanks in advance,
Deepak Seshadri
* Re: Logging only the first 20 packets of a new connection
From: Michael Gale @ 2005-01-07 19:46 UTC (permalink / raw)
To: Deepak Seshadri, netfilter
Hello,
I think you could use mark and limit to come up with something ... but
why only the first 20 packets??
I have a rule that logs all SYN packets coming from a certain end point
that SNAT's ... so we can later track which PC made the connection if needed.
Michael.
Deepak Seshadri wrote:
> Hello everybody,
>
> Could someone suggest how would I log only the first 15 or 20 packets of any
> new connection?
>
> Thanks in advance,
>
> Deepak Seshadri
>
>
>
--
Michael Gale
Lan Administrator
Utilitran Corp.
I make better friends with those who think for themselves
* Re: Logging only the first 20 packets of a new connection
From: Harald Welte @ 2005-02-01 14:27 UTC (permalink / raw)
To: Deepak Seshadri; +Cc: netfilter
On Fri, Jan 07, 2005 at 01:29:28PM -0500, Deepak Seshadri wrote:
> Hello everybody,
>
> Could someone suggest how would I log only the first 15 or 20 packets of any
> new connection?
this should now be possible using ipt_connbytes.
iptables -A FORWARD -j ULOG -m connbytes --connbytes 0:15 --connbytes-dir both --connbytes-mode packets
--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
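Added example, not part of the original thread and not netfilter code: a small Python model of the packet window that a connbytes rule in packets mode selects, run over a constructed two-connection trace. It assumes conntrack has already counted the current packet when the rule is evaluated; the function names, addresses and ports are made up for illustration.

```python
from collections import defaultdict

def logged_packets(trace, lo=0, hi=15, direction="both"):
    """Return the packets whose connection counter lies in lo:hi (packets mode).

    direction mirrors --connbytes-dir: "both", "original" or "reply".
    Each packet is a tuple (src_ip, src_port, dst_ip, dst_port, label).
    """
    originator = {}  # connection key -> endpoint that sent the first packet
    counts = defaultdict(lambda: {"original": 0, "reply": 0})
    logged = []
    for pkt in trace:
        src, dst = (pkt[0], pkt[1]), (pkt[2], pkt[3])
        key = frozenset((src, dst))  # one entry for both directions of a flow
        originator.setdefault(key, src)
        side = "original" if src == originator[key] else "reply"
        # Model assumption: the counter already includes this packet
        # by the time the rule is evaluated.
        counts[key][side] += 1
        c = counts[key]
        seen = c["original"] + c["reply"] if direction == "both" else c[direction]
        if lo <= seen <= hi:
            logged.append(pkt)
    return logged

def sample_trace():
    """Constructed trace: a 20-packet flow with a 3-packet flow interleaved."""
    client, server, other = ("10.0.0.5", 40000), ("192.0.2.10", 80), ("10.0.0.6", 40001)
    trace = []
    for i in range(20):
        a, b = (client, server) if i % 2 == 0 else (server, client)
        trace.append((a[0], a[1], b[0], b[1], i))
        if i in (2, 9, 17):  # second connection starts and continues mid-stream
            trace.append((other[0], other[1], server[0], server[1], i))
    return trace

if __name__ == "__main__":
    trace = sample_trace()
    for mode in ("both", "original"):
        hits = logged_packets(trace, 0, 15, mode)
        print(f"dir={mode}: {len(hits)} of {len(trace)} packets logged")
```

With "both", the long flow stops being logged after its 15th packet while the short flow is still logged in full, because the window is tracked per connection. With "original", reply packets are judged against the originator's counter, so the same 0:15 range covers more of the flow.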