Bill grabbed a keyboard and wrote:
>
> On Star Date Saturday 30 August 2003 11:17 am, David Guntner sent this
> sub-space message.
>>
>> I am trying to use "-j REJECT" because I want to reject the packet. I
>> also want to log it. However, I see that my problem was that I was
>> trying to do a "-j REJECT LOG --log-prefix ..." on the command, which
>> resulted in my getting an error message. Apparently you can't specify
>> both. Tell me, if I do it as *two* commands, one with "-j REJECT" and
>> one with "-j LOG", will *both* rules fire when an offending packet comes
>> in? I.E., will it reject the packet and then log it? Or will it only
>> act on whatever rule was entered first/last?
>
> Good question. Im still trying to see when I get a droped packet form an
> ip that I have set to have its packets droped when it trys to connect.
> Its an email server that has been sending out those .pif virus files. I
> get logs for everything but havnt seen any that say droped. Maybe someone
> here on the list knows whats up for that.
Well, I kept digging through the man page, and found a note that said that
if you want to log packets that you're rejecting, put in two rules. The
first one should be the LOG rule, then the second should be the DROP or
REJECT. So I guess the answer is found! :-)
>>> I also use colorlogs.pl to colorize my log while I am using tail -f
>>> this way I can see when I get a hit for iptables. I have it set for
>>> bright red and if someone logs in as root it set as blinking bright red
>>
>> That sounds like a useful utility. Where can I get it?
I could still use an answer to that last question. :-) I tried searching
freshmeat.net, but a search for colorlogs.pl didn't turn up anything. Do
you remember where you got it?
--Dave
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
