> Well, I added a logging rule before that:
>
> iptables -A INPUT --source 10.11.0.0/16 \
>     -j LOG --log-level info --log-prefix "iptables "
>
> But whenever something gets through, it isn't being
> logged either... If I do "iptables -L -v", then I see
> that both rules (first the LOG, then the DROP) have
> the same packet count.
>
> I can try using "-I" instead, but I'd also like to
> log, so how would I do that? Am I missing something fundamental?

iptables -N log_drop
iptables -A log_drop -j LOG --log-level info --log-prefix "ipt:log_drop "
iptables -A log_drop -j DROP
iptables -I INPUT 1 -s 10.11.0.0/16 -j log_drop

What about this?

Rob