On Tuesday 20 December 2005 09:29, Timothy J. Massey wrote: > > It adds 2 more logging lines, but it only affects the logging rules for > the 3 ports we're interested in, rather than the 65,000 or so that we're > not. Am I missing something?
Yes -- why in the world would you send traffic for the other 65,000 through this action in the first place? The intent of the original code on the web site is that we log accepted SSH traffic with a disposition of ACCEPT while we log the knocks and disables with a disposition of DROP (which is actually what happens). It is assumed that only traffic destined for *those three ports* will ever go through the chain. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
pgpKcxYnAcj76.pgp
Description: PGP signature
