On 14.01.2011 23:24, Thomas Graf wrote:
> [Modifications based on Jan's comments:
>  - use %hu and %hhu for shorts.
>  - renamed xt_AUDIT_info to xt_audit_info
> ]
>
> This patch adds a new netfilter target which creates audit records
> for packets traversing a certain chain.
>
> It can be used to record packets which are rejected administratively
> as follows:
>
>   -N AUDIT_DROP
>   -A AUDIT_DROP -j AUDIT --type DROP
>   -A AUDIT_DROP -j DROP
>
> a rule which would typically drop or reject a packet would then
> invoke the new chain to record packets before dropping them.
>
>   -j AUDIT_DROP
>
> The module is protocol independent and works for iptables, ip6tables
> and ebtables.
>
> The following information is logged:
>  - netfilter hook
>  - packet length
>  - incoming/outgoing interface
>  - MAC src/dst/proto for ethernet packets
>  - src/dst/protocol address for IPv4/IPv6
>  - src/dst port for TCP/UDP/UDPLITE
>  - icmp type/code
>

Applied, thanks Thomas.