Ashley M. Kirchner wrote:
One of our offices has several network ranges blocked in iptables
(essentially '-A INPUT -s www.xxx.yyy.zzz/aa -j DROP'). What I'd like
to do is create a log entry each time a packet is dropped, IF it matches
any of those networks. I think I need to assign all of those networks
to a "group" and then log dropped packets from that group only. And
while I realize this might have other ramifications, such as logs
growing exponentially, for now we're taking small steps. Later on I can
then look for things like logging the same IP only once...
So how do I tell iptables to create a group or name, or whatever it's
I wish people would learn to google "how to" what I want to know, so in
this case
http://www.google.com/search?q=%22how+to%22+iptables&start=0&start=0&ie=utf-8&oe=utf-8&client=mozilla&rls=org.mozilla:en-US:unofficial
or
http://www.google.com/search?num=100&hl=en&c2coff=1&safe=active&client=mozilla&rls=org.mozilla%3Aen-US%3Aunofficial&q=%22how+to%22+log+drop+iptables&btnG=Search
I'm surprised netfilter doesn't come close to the top:
07:42 [summer@numbat ~]$ rpm -qif /sbin/iptables
Name : iptables Relocations: /usr
Version : 1.3.5 Vendor: Scientific Linux
Release : 1.2.1 Build Date: Sun Mar 25
02:55:15 2007
Install Date: Fri Jun 15 10:36:39 2007 Build Host: norob.fnal.gov
Group : System Environment/Base Source RPM:
iptables-1.3.5-1.2.1.src.rpm
Size : 559481 License: GPL
Signature : DSA/SHA1, Sat Apr 14 06:14:35 2007, Key ID da6ad00882fd17b2
URL : http://www.netfilter.org/
which also gives a hint about useful reading material.
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
Please do not reply off-list
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
