On Fri, Jan 14, 2011 at 10:20 AM, Thomas Graf <[email protected]> wrote:
> This patch adds a new netfilter target which creates audit records
> for packets traversing a certain chain.
>
> It can be used to record packets which are rejected administratively
> as follows:
>
> -N AUDIT_DROP
> -A AUDIT_DROP -j AUDIT --type DROP
> -A AUDIT_DROP -j DROP
>
> a rule which would typically drop or reject a packet would then
> invoke the new chain to record packets before dropping them.
>
> -j AUDIT_DROP
>
> The module is protocol independent and works for iptables, ip6tables
> and ebtables.
>
> The following information is logged:
> - netfilter hook
> - packet length
> - incoming/outgoing interface
> - MAC src/dst/proto for ethernet packets
> - src/dst/protocol address for IPv4/IPv6
> - src/dst port for TCP/UDP/UDPLITE
> - icmp type/code
>
> Cc: Patrick McHardy <[email protected]>
> Cc: Eric Paris <[email protected]>
> Cc: Al Viro <[email protected]>
> Signed-off-by: Thomas Graf <[email protected]>
From an audit PoV feel free to add Acked-by: Eric Paris <[email protected]>

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
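The chain layout from the quoted patch description, written out as a small POSIX shell script. This is an added example, not code from Thomas Graf's patch or from the thread: it builds the AUDIT_DROP chain for each of the three front-ends the patch names (iptables, ip6tables, ebtables) and keeps the AUDIT rule ahead of the DROP rule, since DROP ends rule traversal and an AUDIT placed after it would never fire. Assumptions not stated on the page: the three tool binaries are in PATH, the kernel has the AUDIT target available, and the caller is root when the rules are actually applied; the `-L`/`-F` idempotency guard and the sample telnet rule in the comment are this example's own additions.

```shell
#!/bin/sh
# Added example (not part of the original patch or mailing-list post):
# build the AUDIT_DROP chain described in the patch for every supported
# netfilter front-end. Assumes iptables/ip6tables/ebtables in PATH,
# a kernel with the AUDIT target, and root privileges for "apply".

CHAIN=AUDIT_DROP

# Emit, one per line, the commands that make up the chain for one tool.
# Pure string generation, so the rules can be reviewed before anything
# touches the running firewall.
audit_drop_rules() {
    tool=$1
    printf '%s -N %s\n' "$tool" "$CHAIN"
    printf '%s -A %s -j AUDIT --type DROP\n' "$tool" "$CHAIN"
    printf '%s -A %s -j DROP\n' "$tool" "$CHAIN"
}

# Create (or reset) the chain for one tool. The chain is created only if
# listing it fails, then flushed, so re-running the script does not stack
# duplicate rules. AUDIT must come before DROP: DROP terminates traversal.
apply_audit_drop() {
    tool=$1
    if ! "$tool" -L "$CHAIN" >/dev/null 2>&1; then
        "$tool" -N "$CHAIN"
    fi
    "$tool" -F "$CHAIN"
    "$tool" -A "$CHAIN" -j AUDIT --type DROP
    "$tool" -A "$CHAIN" -j DROP
}

# Redirecting an existing deny rule through the chain (constructed
# illustration, not from the patch): a rule that used to read
#   iptables -A INPUT -p tcp --dport 23 -j DROP
# becomes
#   iptables -A INPUT -p tcp --dport 23 -j AUDIT_DROP
# so the packet is recorded by audit and then dropped.

for t in iptables ip6tables ebtables; do
    if [ "${1:-}" = "apply" ]; then
        apply_audit_drop "$t"
    else
        audit_drop_rules "$t"
    fi
done
```

Run without arguments to print the rule set for review; run as root with `apply` to install it. The same chain name is reused across the three tools because each tool manages its own, independent table set, so there is no clash.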
