From: Rob Carlson <rcarlson@kitchenandassociates.com>
To: netfilter@lists.netfilter.org
Subject: IPSet Log and drop.
Date: Thu, 21 Apr 2005 13:24:14 -0400 [thread overview]
Message-ID: <4267E1BE.9010303@kitchenandassociates.com> (raw)
Sorry if this is a dupe, the first one didn't seem
to go through...
I'm currently using ipset to block some large
blocks of addresses. It seems to be working well,
but a couple of rogue emails have gotten through.
This is not my concern right now, rather I would
like to see what _is_ being caught and try to
establish a pattern/ratio.
I've found that with vanilla IPTables, to log and
block one sets up two rules, first the LOG
statement, then immediately following, the DROP
statement. However since I am using a nethash in
IPSet, I wonder if this approach would work, or
whether scanning the hash twice to invoke each
operation would be counter to the reason for using
the IPset nethash.
I have created a nethash with my "undesirable"
address blocks, and then ran:
iptables -A testhash -m set --set testhash src -j DROP
Would it be counter-productive to have:
iptables -A testhash -m set --set testhash src -j LOG
iptables -A testhash -m set --set testhash src -j
DROP?
Thanks,
Rob
next reply other threads:[~2005-04-21 17:24 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-21 17:24 Rob Carlson [this message]
2005-04-21 18:15 ` IPSet Log and drop Jozsef Kadlecsik
2005-04-21 19:40 ` Taylor, Grant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4267E1BE.9010303@kitchenandassociates.com \
--to=rcarlson@kitchenandassociates.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.