I usually just have a rule like logreject:

$FW -I INPUT -p tcp --dport 110 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j LogReject1

# RULE: Logreject:
$FW -N LogReject1
# -A appends, so the non-terminating LOG stays ahead of the terminating REJECT
$FW -A LogReject1 -j LOG --log-level warn --log-prefix "RLIMIT[POP3]: "
$FW -A LogReject1 -j REJECT

Jens Knoell wrote:
> I've rate-limited the incoming connections to some ports. The rate limiting
> works, but it doesn't log to syslog... other non-rate-limiting rules where LOG
> targets exist work, so I know logging in principle works. What am I missing?
> No LOG target for this module? :)
>
> Rule:
>
> # POP3 (max 5 per minute)
> $FW -I INPUT -p tcp --dport 110 -i eth0 -m state --state NEW -m recent --set
> $FW -I INPUT -p tcp --dport 110 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j LOG --log-level warn --log-prefix "RLIMIT[POP3]: "
> $FW -I INPUT -p tcp --dport 110 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j REJECT
>
> Also, is there any advantage to use DROP instead of REJECT? Just curious.
--
Stephen Samuel +1(604)450-0066 samnospam@xxxxxxxxxxx
http://www.bcgreen.com/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
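The reason the quoted rules never log is rule order, not a missing LOG target: iptables -I inserts each rule at the head of the chain, so three "-I INPUT" commands end up in reverse order and the terminating REJECT runs before the LOG rule ever sees a packet. The script below is an added example, written for this thread and not code from either poster. It keeps the thread's interface, port and 5-per-60-seconds threshold, builds the log-then-reject pair in its own chain with -A so the order written is the order evaluated, and adds a dry-run mode. The chain name, the "pop3" recent list, the --limit on the LOG rule and the tcp-reset reject type are assumptions.

```shell
#!/bin/sh
# Added example, not code from either poster: a POP3 rate limit with the
# "recent" match that logs before it rejects. The log-then-reject pair lives in
# its own chain built with -A (append), so the non-terminating LOG rule always
# runs ahead of the terminating REJECT. Interface, port and thresholds follow
# the thread; the chain name, the --name pop3 list, the log-flood limit on the
# LOG rule and --reject-with tcp-reset are assumptions.
FW="${FW:-iptables}"                 # set FW="echo iptables" for a dry run
IFACE="${IFACE:-eth0}"
PORT="${PORT:-110}"
LIMIT_SECONDS="${LIMIT_SECONDS:-60}"
LIMIT_HITS="${LIMIT_HITS:-5}"
CHAIN="${CHAIN:-LogReject1}"

# Build the chain that logs and then rejects. Creating it a second time fails,
# so fall back to flushing it; either way it ends up with exactly two rules.
pop3_ratelimit_chain() {
    $FW -N "$CHAIN" 2>/dev/null || $FW -F "$CHAIN"
    # LOG is non-terminating: the packet continues to the next rule afterwards.
    # The limit match keeps a flood of blocked attempts from flooding syslog.
    $FW -A "$CHAIN" -m limit --limit 10/minute -j LOG \
        --log-level warn --log-prefix "RLIMIT[POP3]: "
    # REJECT terminates chain traversal, so it must come last.
    $FW -A "$CHAIN" -j REJECT --reject-with tcp-reset
}

# INPUT rules, appended in the order they should be evaluated. With -I each
# rule would land at the head of the chain, reversing the order written here;
# that is how a REJECT inserted last ends up running before its LOG.
pop3_ratelimit_input() {
    # Record every new connection attempt to the port in the "pop3" list...
    $FW -A INPUT -p tcp --dport "$PORT" -i "$IFACE" -m state --state NEW \
        -m recent --name pop3 --set
    # ...and send the source to the log-then-reject chain once it has made
    # LIMIT_HITS attempts within LIMIT_SECONDS (the current one included).
    $FW -A INPUT -p tcp --dport "$PORT" -i "$IFACE" -m state --state NEW \
        -m recent --name pop3 --update --seconds "$LIMIT_SECONDS" \
        --hitcount "$LIMIT_HITS" -j "$CHAIN"
}

# Print the commands instead of running them, e.g. to review before applying.
pop3_ratelimit_dryrun() {
    ( FW="echo iptables"; pop3_ratelimit_chain; pop3_ratelimit_input )
}

if [ "${1:-}" = "apply" ]; then
    pop3_ratelimit_chain
    pop3_ratelimit_input
else
    pop3_ratelimit_dryrun
fi
```

Run it with no arguments to see the five iptables commands it would issue, and with "apply" (as root) to install them. On the DROP question raised in the thread: the reject type is the only thing that changes for the blocked peer, which gets an immediate connection refused with tcp-reset and a slow timeout with DROP; the logging and the limit behave the same either way.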