Matthias Richter, 2001-Jul-22 08:18 +0200:
> You need to tell iptables which packages should be logged. For example:
>
> iptables -N log     # This table logs and hands package over to "delete"
> iptables -N delete  # This table rejects anything
>
> iptables -A INPUT <RULE> -j log     # Rule to be logged
> iptables -A INPUT <RULE> -j delete  # Rule not to be logged
>
> iptables -A log -j LOG --log-prefix "Rejected: "  # be verbose in syslog
> iptables -A log -j delete  # hand over package to "delete"
>
> iptables -A delete -j REJECT  # gracefully reject package
>
Thanks, this helps. I've got it logging now to syslog with a log prefix...nice!

Now, I want these log messages to go to a different log file, other than /var/log/syslog. I'd like these "Rejected: " log messages to go into /var/log/iptables.log instead. I can't figure out what changes to make to /etc/syslog.conf to make this happen.

Any help is appreciated.

jc

--
Jeff Coppock        Nortel Networks
Systems Engineer    http://nortelnetworks.com
Major Accts.        Santa Clara, CA
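Added example, not part of the original messages: a classic syslogd selects on facility and priority only, not on message text, so the "Rejected: " prefix by itself cannot steer lines into /var/log/iptables.log. One way to get there, assuming a sysklogd-style /etc/syslog.conf and that nothing else on the host needs kern.debug, is to give the LOG rule a priority of its own and route that priority:

```conf
# /etc/syslog.conf fragment (sysklogd selector syntax is an assumption)
#
# Prerequisite, run in the shell: tag the LOG rule from the quoted message
# with its own priority, for example
#   iptables -A log -j LOG --log-level debug --log-prefix "Rejected: "
# Netfilter LOG output arrives on the kern facility.

# Send exactly kern.debug to the dedicated file ("-" = do not sync each write).
kern.=debug                             -/var/log/iptables.log

# Illustrative catch-all line: adding kern.!=debug keeps those entries out
# of /var/log/syslog. Adapt this to the line already present in the file.
*.*;auth,authpriv.none;kern.!=debug     -/var/log/syslog
```

syslogd rereads its configuration on SIGHUP. Any other kernel message logged at debug priority will land in the same file, which is the limit of selecting by priority rather than by prefix.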

