Taylor Robison wrote:

> I'm afraid it is not obvious to me WHY a log message is significant.

You can use the --log-prefix to prefix a brief description or rule-id.

> was the packet dropped, accepted or denied?
> what rule was violated?
> what about the connection caused the rule to be violated?

Here's a sample chain of logging rules that use --log-prefix (based upon
one or more examples/HOWTOs/docs about netfilter/iptables):

iptables -N scan
iptables -A scan -p tcp --tcp-flags ALL FIN,SYN -m limit \
    --limit 10/minute -j LOG --log-prefix 'SYNFINSCAN '
iptables -A scan -p tcp --tcp-flags ALL ALL -m limit --limit 10/minute \
    -j LOG --log-prefix 'XMASSCAN '
iptables -A scan -p tcp --tcp-flags FIN,ACK FIN -m limit \
    --limit 10/minute -j LOG --log-prefix 'FINSCAN '
iptables -A scan -p tcp --tcp-flags ALL NONE -m limit --limit 10/minute \
    -j LOG --log-prefix 'NULLSCAN '
iptables -A scan -p icmp -f -m limit --limit 10/minute -j LOG \
    --log-prefix 'ICMPFRAG '

> I suppose there is an M out there I should be RTFing.... perhaps someone
> would be kind enough to point me in the right direction?

http://www.netfilter.org/documentation/ is a sensible starting point.
There are tons of examples and additional information also available;
google for those.

-- 
M Taylor
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
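An added example, not part of the post above and not netfilter's own code. Two caveats a reader should keep in mind about the `scan` chain: it only logs, so nothing is dropped unless a DROP rule follows each LOG, and it never fires unless some rule jumps to it (for instance `iptables -A INPUT -p tcp -j scan`, which the post does not show and is assumed here). What the questions quoted above actually get answered by is the kernel LOG line itself: the --log-prefix (which the LOG target caps at 29 characters) names the rule, and the SRC/DST/PROTO/SPT/DPT fields and bare flag tokens (SYN, FIN, ACK, MF, FRAG:n) say what about the packet matched. The script below parses a handful of constructed lines in the shape of that output, tallies hits per prefix and per source, and checks that the flags in each logged header really agree with the --tcp-flags mask/comp pair behind the prefix, so a reused or stale prefix is caught. The function names, the hostname `fw` and the addresses are my own assumptions.

```python
"""Map netfilter LOG lines back to the rule (--log-prefix) and the packet
fields that tripped it, and check that the two agree.

Added example; SAMPLE_LOG is constructed to look like kernel LOG output for
the `scan` chain in the post. It is not from a real host."""

import re
from collections import Counter, defaultdict

# Bare tokens the kernel LOG target prints for header flags.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
IP_FLAGS = {"CE", "DF", "MF"}

# iptables' ALL flag set is these six (CWR/ECE are not part of it).
ALL = {"URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Each --tcp-flags <mask> <comp> pair from the chain, rewritten as
# (flags that must be set, flags that must be clear) in the logged packet.
EXPECTED_TCP = {
    "SYNFINSCAN": ({"SYN", "FIN"}, ALL - {"SYN", "FIN"}),  # ALL FIN,SYN
    "XMASSCAN":   (ALL, set()),                            # ALL ALL
    "FINSCAN":    ({"FIN"}, {"ACK"}),                      # FIN,ACK FIN
    "NULLSCAN":   (set(), ALL),                            # ALL NONE
}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<rest>.*)$"
)


def parse_log_line(line):
    """Return a dict for one kernel LOG line, or None for any other line."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    start = rest.find("IN=")  # the --log-prefix is everything before IN=
    if start < 0:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "prefix": rest[:start].strip(),
           "fields": {}, "tcp_flags": set(), "ip_flags": set()}
    for tok in rest[start:].split():
        if "=" in tok:
            key, val = tok.split("=", 1)  # "OUT=" yields an empty value
            rec["fields"][key] = val
        elif tok.startswith("FRAG:"):  # non-zero fragment offset
            rec["fields"]["FRAG"] = tok[len("FRAG:"):]
        elif tok in TCP_FLAGS:
            rec["tcp_flags"].add(tok)
        elif tok in IP_FLAGS:
            rec["ip_flags"].add(tok)
    return rec


def prefix_matches_packet(rec):
    """True/False: does the logged header fit the rule named by the prefix?
    None for a prefix this script does not know."""
    fields, prefix, flags = rec["fields"], rec["prefix"], rec["tcp_flags"]
    if prefix in EXPECTED_TCP:
        must_set, must_clear = EXPECTED_TCP[prefix]
        return (fields.get("PROTO") == "TCP"
                and must_set <= flags and not (must_clear & flags))
    if prefix == "ICMPFRAG":
        # -f matches second and further fragments, i.e. a non-zero offset.
        return fields.get("PROTO") == "ICMP" and fields.get("FRAG", "0") != "0"
    return None


def summarize(log_text):
    """Hits per prefix, hits per (prefix, SRC), and lines whose prefix
    contradicts the logged header."""
    by_prefix, by_src, mismatches = Counter(), defaultdict(Counter), []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        by_prefix[rec["prefix"]] += 1
        by_src[rec["prefix"]][rec["fields"].get("SRC")] += 1
        if prefix_matches_packet(rec) is False:
            mismatches.append(line)
    return by_prefix, by_src, mismatches


# Constructed sample. The last FINSCAN line is deliberately wrong (ACK set)
# to show the consistency check firing; the sshd line is noise to be skipped.
MAC = "MAC=00:0c:29:3e:1a:5b:00:50:56:c0:00:08:08:00"
HDR = "LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=TCP"
SAMPLE_LOG = "\n".join([
    f"Aug 14 05:50:01 fw kernel: SYNFINSCAN IN=eth0 OUT= {MAC} SRC=203.0.113.7 DST=198.51.100.2 {HDR} SPT=54321 DPT=22 WINDOW=1024 RES=0x00 SYN FIN URGP=0",
    f"Aug 14 05:50:02 fw kernel: XMASSCAN IN=eth0 OUT= {MAC} SRC=203.0.113.7 DST=198.51.100.2 {HDR} SPT=54322 DPT=80 WINDOW=1024 RES=0x00 URG ACK PSH RST SYN FIN URGP=0",
    f"Aug 14 05:50:03 fw kernel: NULLSCAN IN=eth0 OUT= {MAC} SRC=203.0.113.7 DST=198.51.100.2 {HDR} SPT=54323 DPT=443 WINDOW=1024 RES=0x00 URGP=0",
    f"Aug 14 05:50:04 fw kernel: FINSCAN IN=eth0 OUT= {MAC} SRC=198.51.100.77 DST=198.51.100.2 {HDR} SPT=40000 DPT=25 WINDOW=1024 RES=0x00 FIN URGP=0",
    f"Aug 14 05:50:05 fw kernel: ICMPFRAG IN=eth0 OUT= {MAC} SRC=192.0.2.9 DST=198.51.100.2 LEN=1500 TOS=0x00 PREC=0x00 TTL=50 ID=4242 MF FRAG:185 PROTO=ICMP",
    f"Aug 14 05:50:06 fw kernel: FINSCAN IN=eth0 OUT= {MAC} SRC=198.51.100.77 DST=198.51.100.2 {HDR} SPT=40001 DPT=25 WINDOW=1024 RES=0x00 ACK FIN URGP=0",
    "Aug 14 05:50:07 fw sshd[1234]: Accepted publickey for bob from 198.51.100.5",
])

if __name__ == "__main__":
    by_prefix, by_src, mismatches = summarize(SAMPLE_LOG)
    for prefix, n in by_prefix.most_common():
        print(f"{prefix:<12} {n:>3}  sources={dict(by_src[prefix])}")
    for line in mismatches:
        print("prefix/header mismatch:", line)
```

Run as-is and it prints one line per prefix with the sources behind it, then the single constructed line whose FINSCAN prefix contradicts the ACK bit in the header. Feed it a real `/var/log/messages` instead of SAMPLE_LOG and the same mismatch list will surface any rule whose prefix was copied from another rule without updating it, which is the usual way --log-prefix becomes misleading in practice.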
This archive was generated by hypermail 2b30 : Thu Aug 14 2003 - 05:56:06 PDT