On Wed, Feb 02, 2000 at 04:04:08PM -0600, Pat Hayden wrote:
> Is there something more that I can do to receive more verbose logging?
> Also, do all NMAP scans slip under the radar of IPCHAINS?
Since the default ploicy of all chains does not include the possibility to
log, you need to add a "deny all" rule at the end of each chain and set the
log flag there. Then no packet which is rejected by ipchains should be
missed.
Some packets my be dropped by the kernel... some of the are droped silently,
some of them can be logged with
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
And of course you can see some of those packets increasing the SNMP Counters
(netstat -s).
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
