--On Tuesday, August 19, 2008 10:15 AM -0500 David Dyer-Bennet
<dd-b@xxxxxxxx> wrote:
That's the right general approach; duplicate the drop rule but with a LOG
target and appropriate logging parameters.
Another approach is to create a subchain that just logs and drops (no match
rules), and in your main chain you match on the desired packet and jump to
the subchain. That eliminates the need to maintain the same match in two
places, and reduces the number of rules a non-dropped packet has to pass
through.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
