David Lang wrote:
> the iptables log module is probably not compiled in to your system.
> hopefully you can just use opkg to install some additional module.
> unfortunately a quick google search isn't telling me what is in each
> package.
>
> Ski Kacoroski wrote:
> >I am trying to get my openwrt to log all traffic to certain
> >devices in my house. The problem is that every time I add -j LOG
> >to a rule, the rule is ignored and does not show up when I enter
> >iptables --list. If I take out -j LOG the rule works. Any idea
> >on what I am missing here?

Here's how I do it on a Linux 2.6.32-358.11.1.el6.centos.plus.x86_64
kernel (it also worked without the plus kernel IIRC).

-A INPUT -p icmp -m icmp --icmp-type 5 -j LOG --log-prefix "ICMP_SRC_ROUTE_FAILED_5_" --log-level 6
-A INPUT -p icmp -m icmp --icmp-type 5 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -m icmp --icmp-type 9 -j LOG --log-prefix "ICMP_NET_ADMIN_PROHIB_9_" --log-level 6
-A INPUT -p icmp -m icmp --icmp-type 9 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -m icmp --icmp-type 10 -j LOG --log-prefix "ICMP_HOST_ADMIN_PROHIB_10_" --log-level 6
-A INPUT -p icmp -m icmp --icmp-type 10 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -m icmp --icmp-type 4 -j LOG --log-prefix "ICMP_FRAG_REQ_BUT_DF_SET_4_" --log-level 6
-A INPUT -p icmp -m icmp --icmp-type 4 -j REJECT --reject-with icmp-host-prohibited

Hope that helps,
--
Charles Polisher

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
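
An added example, not part of the original message: a Python sketch that tallies the syslog lines the LOG rules above would produce, keyed by log prefix, ICMP type and source address. The prefixes are copied from the rules; the sample lines, host name, MAC and IP addresses are constructed for illustration.

```python
import re
from collections import Counter

# Log prefixes copied from the --log-prefix values in the rules above.
PREFIXES = ("ICMP_SRC_ROUTE_FAILED_5_", "ICMP_NET_ADMIN_PROHIB_9_",
            "ICMP_HOST_ADMIN_PROHIB_10_", "ICMP_FRAG_REQ_BUT_DF_SET_4_")

# Constructed sample syslog lines (host name and addresses are made up).
SAMPLE_LOG = """\
Jun  3 10:15:01 gw kernel: ICMP_SRC_ROUTE_FAILED_5_IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=56 TTL=64 ID=0 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=192.0.2.254 [SRC=192.0.2.1 DST=198.51.100.7 LEN=84 TTL=63 ID=4242 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1 ]
Jun  3 10:15:04 gw kernel: ICMP_SRC_ROUTE_FAILED_5_IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=56 TTL=64 ID=0 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=192.0.2.254 [SRC=192.0.2.1 DST=198.51.100.7 LEN=84 TTL=63 ID=4243 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=2 ]
Jun  3 10:15:07 gw kernel: ICMP_NET_ADMIN_PROHIB_9_IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=192.0.2.20 DST=192.0.2.1 LEN=36 TTL=1 ID=0 PROTO=ICMP TYPE=9 CODE=0
Jun  3 10:15:09 gw kernel: eth0: link up
"""

KEY_VALUE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return (prefix, fields) for a line logged by one of the rules, else None."""
    for prefix in PREFIXES:
        # The prefixes end in "_" rather than a space, so "IN=" follows directly.
        pos = line.find(prefix + "IN=")
        if pos != -1:
            break
    else:
        return None
    body = line[pos + len(prefix):]
    # ICMP error and redirect messages embed the offending packet in [...];
    # drop it so its SRC=/DST= do not overwrite the outer header fields.
    body = body.split("[", 1)[0]
    return prefix, dict(KEY_VALUE.findall(body))

def summarize(log_text):
    """Count logged packets per (prefix, ICMP type, source address)."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and "TYPE" in parsed[1] and "SRC" in parsed[1]:
            prefix, fields = parsed
            counts[(prefix, int(fields["TYPE"]), fields["SRC"])] += 1
    return counts

if __name__ == "__main__":
    for (prefix, icmp_type, src), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  type={icmp_type:<2d} src={src:<15s} {prefix}")
```

The numeric TYPE is read from the packet fields rather than inferred from the prefix, because the prefix is only a label: the rules match ICMP types 5, 9, 10 and 4, whereas source route failed, network/host administratively prohibited and fragmentation needed with DF set are codes 5, 9, 10 and 4 of ICMP type 3 (destination unreachable).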
