Hi,

I have two situations where I need two targets in one rule.

First one:

  iptables -N syn-flood
  iptables -A syn-flood -m limit --limit ${synConns} --limit-burst ${synBurst} -j RETURN
  iptables -A syn-flood -j DROP
  iptables -A protect -p tcp --syn -j syn-flood

Now I want to be able to say:

  iptables -A syn-flood -m limit --limit ${synConns} --limit-burst ${synBurst} -j LOG --log-prefix Synflood -j RETURN

i.e. I want to return and log the event of SYN flooding.

Next, I want this rule to handle per-IP SYN floods automatically, not globally as it does now. How do you do this? And, as a side effect, see which one is the flooder in the syslog.

The next thing I want to do is, instead of:

  iptables -A FORWARD -t mangle -s x.x.x.0/24 -j MARK --set-mark 7

I want it to act like this:

  iptables -A FORWARD -t mangle -s x.x.x.0/24 -j MARK --set-mark 7 -j RETURN

i.e. mark and return, because I have hundreds of such rules and it is useless to scan them all for all packets.

TIA
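One way to get both behaviours with stock iptables, shown as an added example that is not part of the original post: a rule takes a single target, so the second action goes into the next rule of the same chain or into a small helper chain. Assumptions: the hashlimit match is available, the chain "protect" already exists, the mangle FORWARD policy is ACCEPT (so ACCEPT in the helper chain ends traversal the way RETURN from FORWARD would), and the rates and subnets used in the print mode are constructed sample values.

```shell
#!/bin/sh
# Added example: the functions only PRINT iptables commands for review;
# pipe the output to sh as root to apply them.

# Per-source-IP SYN limiting that also logs the offending source.
# $1 = allowed rate per source IP (e.g. 10/second), $2 = burst per source IP
syn_flood_rules() {
    # Rule 1: sources under their own limit return to the calling chain.
    #         (older iptables releases spell --hashlimit-upto as --hashlimit)
    # Rule 2: LOG is non-terminating, so the packet goes on to rule 3; the
    #         global limit only keeps syslog readable. SRC= names the flooder.
    # Rule 3: everything that did not RETURN is dropped.
    cat <<EOF
iptables -N syn-flood
iptables -A syn-flood -m hashlimit --hashlimit-name synflood --hashlimit-mode srcip --hashlimit-upto $1 --hashlimit-burst $2 -j RETURN
iptables -A syn-flood -m limit --limit 6/minute --limit-burst 5 -j LOG --log-prefix "Synflood: "
iptables -A syn-flood -j DROP
iptables -A protect -p tcp --syn -j syn-flood
EOF
}

# "Mark and stop scanning": one helper chain per mark value.
# $1 = mark value, remaining arguments = source subnets that get this mark
mark_rules() {
    mark=$1
    shift
    chain="mark-$mark"
    echo "iptables -t mangle -N $chain"
    echo "iptables -t mangle -A $chain -j MARK --set-mark $mark"
    # ACCEPT ends traversal of the mangle table for this packet, so the
    # remaining FORWARD rules are not scanned; filter rules still apply.
    echo "iptables -t mangle -A $chain -j ACCEPT"
    for net in "$@"; do
        echo "iptables -t mangle -A FORWARD -s $net -j $chain"
    done
}

# Print mode with constructed sample values (192.0.2.0/24 is a documentation range).
if [ "${1:-}" = "print" ]; then
    syn_flood_rules 10/second 20
    mark_rules 7 192.0.2.0/24
fi
```
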