[EMAIL PROTECTED] wrote:
> Here is an alternative approach which I took. I think it is a little
> easier.
>
> If you create a user defined chain something like the following:
>
> iptables -N log_droped
> iptables -A log_droped -j LOG --log-level 1 --log-prefix "droped_::"
> iptables -A log_droped -j DROP
>
> And make all your firewall rules that need to be dropped -j (jump) to
> this chain then they will be logged at log-level 1 (Alert).
>
> Then, if you edit /etc/syslog.conf and append the following line:
> kern.=alert	-/var/log/firewall.log
> (NB. line up with tabs)
>
> Then syslog will log all logs at level alert to the separate file. Not
> much else gets logged at level alert so it should be OK and not upset
> other logging.
>
> Thus, the firewall will log to /var/log/firewall.log - just create this
> file with touch.
>
> Hth.
> Mark.
Thanks for the good advice man, I re-wrote the core of my firewall last night. Using your advice I was able to separate distinctive services into their own chain, filter the datagrams, and then jump all unwanted datagrams into the LOGNDROP chain. Now my script is a hell of a lot easier to follow and my logs are nice and neat. Sorry about the late reply, Stef
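The setup the two messages describe, written out as a complete script (added example, not code posted by Mark or Stef): a log-then-drop chain, a per-service chain that jumps unwanted packets to it, and the syslog.conf selector with a real tab. Everything beyond the thread is an assumption: the chain name LOGNDROP is taken from Stef's reply, the service name, port and the 192.0.2.0/24 network are constructed placeholders, the `-m limit` match is added so a packet flood cannot fill the log, and the script runs through `$IPT`, which defaults to `echo` so it only prints the commands (set `IPT=iptables` to apply them as root).

```shell
#!/bin/sh
# Added example: log-and-drop chain plus syslog routing, after Mark's mail.
# Dry run by default: IPT=echo prints each rule instead of installing it.
IPT="${IPT:-echo}"

# Create a chain that logs at level 1 (alert) and then drops.
# The rate limit (assumed, not in the original mail) keeps a burst of
# dropped packets from flooding /var/log/firewall.log.
setup_logndrop() {
    chain="${1:-LOGNDROP}"
    "$IPT" -N "$chain"
    "$IPT" -A "$chain" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-level 1 --log-prefix "${chain}: "
    "$IPT" -A "$chain" -j DROP
}

# Give one TCP service its own chain: accept from an allowed network,
# send everything else to the log-and-drop chain, and hook the chain
# into INPUT for that port.  All values here are constructed placeholders.
setup_service_chain() {
    svc="$1" port="$2" allowed="$3" dropchain="${4:-LOGNDROP}"
    "$IPT" -N "$svc"
    "$IPT" -A "$svc" -s "$allowed" -j ACCEPT
    "$IPT" -A "$svc" -j "$dropchain"
    "$IPT" -A INPUT -p tcp --dport "$port" -j "$svc"
}

# The /etc/syslog.conf line from the mail.  printf emits a literal tab,
# which classic syslogd requires between selector and action; the leading
# '-' on the path means writes are not synced after every message.
syslog_line() {
    printf 'kern.=alert\t-/var/log/firewall.log\n'
}

# Sanity check for a selector line: returns 0 when the field separator is
# a tab (the "line up with tabs" note in the mail), 1 otherwise.
has_tab_separator() {
    case "$1" in
        *"$(printf '\t')"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Number of rule lines a dry run of setup_logndrop produces (used to check
# the chain is built from exactly create + LOG + DROP).
count_logndrop_rules() {
    IPT=echo setup_logndrop "$1" | wc -l | tr -d ' '
}

if [ "${DEMO:-yes}" = yes ]; then
    setup_logndrop LOGNDROP
    setup_service_chain SSH 22 192.0.2.0/24 LOGNDROP
    echo "# append to /etc/syslog.conf, then: touch /var/log/firewall.log"
    syslog_line
fi
```

With `IPT=echo` the script is safe to run anywhere and shows the exact rules it would install; review that output before re-running it with `IPT=iptables`. Because `kern.=alert` matches every kernel message at that one priority, anything else the kernel logs at alert will also land in firewall.log, which is the trade-off Mark's mail already notes.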

