hi, my iptables config can be reduced to the following example, which let's ssh pass and drops everything else.
iptables -P INPUT DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp --dport ssh -j ACCEPT iptables -A INPUT -j LOG this works perfectly as i want it, but every now and then, i get portscanned, and my kern.log grows like 14Mb in size because of that LOG rule. using the limitig features of iptables, i can say iptables -A INPUT -j LOG -m limit --limit 5/minute --limit-burst 5 to make it show a max. of 5/minute with an initial burst of 5. however, this way, a lot of information will be lost. granted, portscans can only be limited that way, but i am wondering if there's a method to limit logs for a specific type of package (i.e. same destination socket) only? like commercial products (e.g. FW-1) do. any clues? -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] "may your future be limited only by your dreams." -- christa mcauliffe
pgpUB85N8lYHa.pgp
Description: PGP signature
