On Wed, Jul 17, 2002 at 08:33:31PM +0700, Jean Christophe ANDR?? wrote: > > You may just need something like this : > > iptables -N LOGIT # special chain to log all except fragments > > iptables -A LOGIT -m state --state ESTABLISHED -j RETURN # don't log frags > iptables -A LOGIT -j LOG > iptables -A LOGIT -j RETURN > > iptables -I FORWARD -s $sourceIPtoSpy -j LOGIT > iptables -I FORWARD -d $sourceIPtoSpy -j LOGIT > > It will not change anything in your firewall rules except it will log > *everything* (except fragments) from that $sourceIPtoSpy.
Thanks! Do I 'hard code' the sourceIPtoSpy ? ... Should that be the system inside my LAN, or the remote VPN router? aloha, dave -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
