On Sat, 2003-08-30 at 10:44, Mark Weaver wrote:
> David Guntner wrote:
> > Jack Coates grabbed a keyboard and wrote:
> > 
> >>On Fri, 2003-08-29 at 13:51, David Guntner wrote:
> >>
> >>>I'm setting up some iptables rules to block certain kinds of packets on
> >>>my ML 9.1 machine.  The man page talks about logging options to have it
> > 
> >                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > 
> >>>log to the syslog, but I can't seem to figure out the exact syntax to
> >>>make it work.  No matter how I try, I keep getting a bad option message
> >>>in response.  Does anyone know what the actual syntax is on an iptables
> >>>command to have it log when that particular reject rule is fired?
> >>>
> >>>                   --Dave
> >>
> >>man iptables
> >>/log
> >>keep hitting  / until you see something helpful.
> >>
> >>there is a page full of options.
> > 
> > 
> > I already did that, hence the statement that "the man page talks about
> > logging options." :-)  Problem is, there are no practical *examples* of
> > the syntax to use, and my reading of the section on logging didn't yield
> > anything I could use.  Hence my request here for an example syntax to use.
> > 
> > 
> >>You've already got shorewall on there, it'll be a lot faster and safer
> >>to just use it.
> > 
> > 
> > Shorewall would be great if I wanted all kinds of fancy firewalling.  But
> > I'm behind a DSL router and that takes care of the vast majority of my
> > needs.  But I need to put three rules into iptables to take care of a
> > specific need.  The rules are already in place, in fact.  However, I would
> > like to be able to log traffic that's blocked if I can.  So if you have
> > some information on what the correct syntax is, I would appreciate an
> > example - because I can't seem to come up with a syntax that works, going
> > off of the man page.
> > 

An operating system would be great if I wanted all kinds of fancy
interaction with my computer, but I just want to read and write from the
disk. Can someone explain how to hook into the BIOS? I've got an eeprom
writer, but I'm not sure how to use it.

[EMAIL PROTECTED] jack]$ grep -i LOG /usr/lib/shorewall/firewall | grep iptables
            run_iptables -A $chain $logpart "Shorewall:$chain:$MACLIST_DISPOSITION:"
            run_iptables -A $1 -j ULOG $LOGPARMS \
            run_iptables -A $1 -j LOG $LOGPARMS \
                run_iptables -A newnotsyn -j ULOG 
                run_iptables -A newnotsyn -j LOG \
            run_iptables -A badpkt -p   tcp $logoptions --log-tcp-options
            run_iptables -A badpkt -p ! tcp $logoptions
        run_iptables -A logpkt -p   tcp $logoptions --log-tcp-options
        run_iptables -A logpkt -p ! tcp $logoptions
                run_iptables -A $chain --match unclean -j logpkt
        run_iptables -A logdrop -j `logdisp rfc1918`
        run_iptables -A logdrop -j DROP
            run_iptables -t mangle -N logdrop
            run_iptables -t mangle -A logdrop -j `logdisp man1918`
            run_iptables -t mangle -A logdrop -j DROP
                run_iptables -A logflags -j ULOG  $LOGPARMS \
                run_iptables -A logflags -j LOG  $LOGPARMS \
                    run_iptables -A logflags -j REJECT --reject-with tcp-reset
                    run_iptables -A logflags -j $TCP_FLAGS_DISPOSITION

This tells you that it's building new chains for logging a single packet
(maybe without drop), logging with a drop, or logging with lots of
pre-set flags and a drop.
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...
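
The LOG syntax asked about in this thread, as an added example that is not part of any poster's message and is not Shorewall's code: a dedicated chain that logs with a prefix and then rejects, following the log-then-drop pattern visible in the grep output above. The chain name LOGREJECT, the prefix text, the rate limit and the sample match (TCP port 23 on eth0) are constructed for illustration.

```sh
#!/bin/sh
# Added example: a "log, then reject" chain. Constructed values: chain name,
# prefix text, rate limit, and the sample match (TCP port 23 arriving on eth0).

# Dry run by default: print each command for review (output is not re-quoted
# for pasting). Set APPLY=1 and run as root to execute.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# logreject_chain CHAIN PREFIX
logreject_chain() {
    chain=$1
    prefix=$2
    # iptables limits --log-prefix to 29 characters.
    if [ "${#prefix}" -gt 29 ]; then
        echo "log prefix longer than 29 characters: $prefix" >&2
        return 1
    fi
    run iptables -N "$chain" || return 1
    # LOG is non-terminating: after logging, the packet goes on to the next
    # rule. The limit match caps log volume so a flood cannot fill the disk.
    # Messages go to the kernel log; syslog files them under facility "kern".
    run iptables -A "$chain" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-level info --log-prefix "$prefix" || return 1
    # tcp-reset is only valid for TCP; everything else gets the default
    # ICMP port-unreachable.
    run iptables -A "$chain" -p tcp -j REJECT --reject-with tcp-reset || return 1
    run iptables -A "$chain" -j REJECT
}

# Build the chain, then send the traffic to be blocked into it. The trailing
# space in the prefix separates it from the "IN=..." text the kernel appends.
logreject_chain LOGREJECT "TELNET-REJECT: " &&
    run iptables -A INPUT -i eth0 -p tcp --dport 23 -j LOGREJECT
```

Because LOG does not end rule traversal, the REJECT rules must follow it in the same chain; a LOG rule on its own records the packet and lets it through.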

