Hello everybody, I'm currently using iptables v1.2.5 on a redhat linux 7.3 machine to block new incoming requests on my internet router (dial on demand via ISDN). TCP requests are answered with a ICMP-Port-Unreachable, and all the rest is DROPPED by the default policy. The thing is, I'd like to log all portscans from the "outer world", just to know who's interested in my system :-) I got scanlogd, compiled and installed it, and it really works fine, as long as the iptables rules are down and the default policy is ACCEPT. But when I put in all my rules, the scanlogd doesn't log any portscans from the internet. I think that is because the packets are already dropped in the kernel by the iptables module, am I right?? And know my question is if there's a chance to log portscans (maybe also the different kinds??) via some iptables-rules, an extra iptables-module or any other tool?? I hope that somebody knows something about it, because I think it's very nice to see how much people try to find holes in any system...it's already quite interesting to review the Apache-Logs everyday, with peoples thinking there's an IIS running on my system :-))) Thanks in advance for your tips!!! Greetings Sven
