Good question. I'm still trying to see when I get a dropped packet from an IP that I have set to have its packets dropped when it tries to connect. It's an email server that has been sending out those .pif virus files. I get logs for everything but haven't seen any that say dropped. Maybe someone here on the list knows what's up with that.

On Star Date Saturday 30 August 2003 11:17 am, David Guntner sent this sub-space message.
> Bill grabbed a keyboard and wrote:
> > You can look on the web for iptables log which is where I found what I
> > use.
> >
> > -A INPUT -i eth0 -p udp -m limit --limit 10/hour -j LOG --log-prefix
> > "IPTABLES UDP-IN: "
>
> Ah, ok. Now I see what I was doing wrong.
>
> I am trying to use "-j REJECT" because I want to reject the packet. I
> also want to log it. However, I see that my problem was that I was trying
> to do a "-j REJECT LOG --log-prefix ..." on the command, which resulted in
> my getting an error message. Apparently you can't specify both. Tell me,
> if I do it as *two* commands, one with "-j REJECT" and one with "-j LOG",
> will *both* rules fire when an offending packet comes in? I.E., will it
> reject the packet and then log it? Or will it only act on whatever rule
> was entered first/last?
>
> > I also use colorlogs.pl to colorize my log while I am using tail -f this
> > way I can see when I get a hit for iptables. I have it set for bright red
> > and if someone logs in as root it set as blinking bright red
>
> That sounds like a useful utility. Where can I get it?
>
> Thanks for the info!
>
> --Dave
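
The rule-ordering question in the thread above, as an added example that is not part of the original messages: a simplified Python model of how iptables walks a chain, where LOG is a non-terminating target and REJECT, DROP and ACCEPT end traversal. The `traverse` function, the source address, the "IPTABLES REJECT: " prefix and the log-line layout are assumptions made for illustration, and the `-m limit` match is left out.

```python
# Added illustration: simplified model of iptables chain traversal.
# Real kernel log lines carry more fields; the layout here is abbreviated.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def traverse(chain, packet, policy="ACCEPT"):
    """Walk rules in order and return (verdict, log_lines)."""
    logged = []
    for match, target, prefix in chain:
        # A rule applies only if every field it names equals the packet's.
        if not all(packet.get(k) == v for k, v in match.items()):
            continue
        if target == "LOG":
            logged.append(f"{prefix}SRC={packet['src']} PROTO={packet['proto']}")
            continue  # LOG does not end traversal; the next rule is tried
        if target in TERMINATING:
            return target, logged  # the packet's fate is decided here
    return policy, logged  # no terminating rule matched: chain policy


BAD_HOST = {"src": "192.0.2.10"}  # constructed address (documentation range)
PACKET = {"src": "192.0.2.10", "proto": "tcp", "dport": 25}  # constructed

# Two rules with the same match: LOG first, then REJECT.
LOG_THEN_REJECT = [(BAD_HOST, "LOG", "IPTABLES REJECT: "),
                   (BAD_HOST, "REJECT", None)]
# Same rules in the other order: the LOG rule is never reached.
REJECT_THEN_LOG = [(BAD_HOST, "REJECT", None),
                   (BAD_HOST, "LOG", "IPTABLES REJECT: ")]
# A DROP rule alone: the packet is discarded and nothing is logged.
DROP_ONLY = [(BAD_HOST, "DROP", None)]

if __name__ == "__main__":
    for name, chain in [("LOG then REJECT", LOG_THEN_REJECT),
                        ("REJECT then LOG", REJECT_THEN_LOG),
                        ("DROP only", DROP_ONLY)]:
        verdict, lines = traverse(chain, PACKET)
        print(f"{name}: verdict={verdict} logged={lines}")
```
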
