Hi
I wish to create and use a new chain which logs all DROP packets, but
after DROP rules I must write ACCEPT rules too.
All DROP packets (not ALLOWED ones) have to be logged.
I wish to open the communications between 192.168.1.0/24 and 192.168.1.254.
Packets between 192.168.1.0/24 and 192.168.1.254 must not be logged.
I tried to do this:
iptables -N LOG_DROP
iptables -A LOG_DROP -j LOG --log-tcp-options --log-ip-options --log-prefix '[IPTABLES DROP] : '
iptables -A LOG_DROP -j DROP
iptables -A INPUT -j LOG_DROP
iptables -A OUTPUT -j LOG_DROP
iptables -A FORWARD -j LOG_DROP
iptables -A LOG_DROP -s 192.168.1.0/24 -d 192.168.1.254/255.255.255.255 -j ACCEPT
iptables -A LOG_DROP -s 192.168.1.254/255.255.255.255 -d 192.168.1.0/24 -j ACCEPT
But it doesn't work.
Could you tell me how I can solve this problem, please?
Thank you very much
Bye
Mattia
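
Added example, not part of the original post: iptables stops at the first terminating target, so ACCEPT rules appended after the DROP inside LOG_DROP are never reached. The sketch below puts the ACCEPT rules in the built-in chains ahead of the catch-all jump. The IPT dry-run variable and the apply_rules function name are assumptions made for this example.

```shell
#!/bin/sh
# Dry run by default: the commands are only printed.
# Set IPT=iptables and run as root to apply them for real.
IPT="${IPT:-echo iptables}"
NET="192.168.1.0/24"       # network from the post
HOST="192.168.1.254/32"    # same host as 192.168.1.254/255.255.255.255

apply_rules() {
    # The logging chain holds only the LOG rule and the final DROP.
    # LOG is non-terminating, so the packet continues to the DROP rule.
    $IPT -N LOG_DROP
    $IPT -A LOG_DROP -j LOG --log-tcp-options --log-ip-options \
        --log-prefix '[IPTABLES DROP] : '
    $IPT -A LOG_DROP -j DROP

    for chain in INPUT OUTPUT FORWARD; do
        # ACCEPT is terminating: matching packets never reach LOG_DROP,
        # so the allowed traffic is neither logged nor dropped.
        $IPT -A "$chain" -s "$NET" -d "$HOST" -j ACCEPT
        $IPT -A "$chain" -s "$HOST" -d "$NET" -j ACCEPT
        # The catch-all jump goes last: everything else is logged, then dropped.
        $IPT -A "$chain" -j LOG_DROP
    done
}

apply_rules
```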