On Tue, Aug 19, 2008 at 5:04 PM, Kenneth Porter <shiva@xxxxxxxxxxxxxxx> wrote: > --On Tuesday, August 19, 2008 10:15 AM -0500 David Dyer-Bennet > <dd-b@xxxxxxxx> wrote: > >> That's the right general approach; duplicate the drop rule but with a LOG >> target and appropriate logging parameters. > > Another approach is to create a subchain that just logs and drops (no match > rules), and in your main chain you match on the desired packet and jump to > the subchain. That eliminates the need to maintain the same match in two > places, and reduces the number of rules a non-dropped packet has to pass > through. > Could you post a sample, using the OP's example as a base? Thanks. mhr _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Simple IPTABLES Question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: "CentOS mailing list" <centos@xxxxxxxxxx>
- Subject: Re: Simple IPTABLES Question
- From: MHR <mhullrich@xxxxxxxxx>
- Date: Tue, 19 Aug 2008 18:23:19 -0700
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <A93DD342A56159DE6FA5C89D@xxxxxxxxx>
- References: <6627d3f40808190733o6da5e6a5h3ee637f3bd55ee96@xxxxxxxxxxxxxx> <48163.67.110.49.189.1219158939.squirrel@xxxxxxxxxxxxxxxx> <A93DD342A56159DE6FA5C89D@xxxxxxxxx>
- Follow-Ups:
- Re: Simple IPTABLES Question
- From: Filipe Brandenburger
- Re: Simple IPTABLES Question
- References:
- Simple IPTABLES Question
- From: Matt
- Re: Simple IPTABLES Question
- From: David Dyer-Bennet
- Simple IPTABLES Question
- Prev by Date: Re: Re: Where is cached memory going?
- Next by Date: Re: Simple IPTABLES Question
- Previous by thread: Re: Simple IPTABLES Question
- Next by thread: Re: Simple IPTABLES Question
- Index(es):
 |