Re: Please ... how can i log all packets dropped ?


 



On Sat, Jul 19, 2003 at 02:38:01PM -0300, Juliano Murlick wrote:

> Hello ALL,
> I need to log all packets dropped on my firewall. How can I get it? I know how
> to log all that I accept, like this:

If I understand your question correctly:
If you want to log the dropped packets only then you must allow the ones
you want in the beginning of your rule set and the very last rule (right
before the default DROP policy) must be LOG.

Ramin

>  
> iptables -A FORWARD -p tcp -s $REDELOCAL --sport 1024:65535 -d $SSHSRV --dport 22 -j LOG
> iptables -A FORWARD -p tcp -s $REDELOCAL --sport 1024:65535 -d $SSHSRV --dport 22 -j ACCEPT
>  
> I will LOG all packets from the ssh connection, but I don't to log all packets
> dropped. My default policy is DROP:
>  
> iptables -P FORWARD DROP
>  
> Please, if anyone knows it, tell me ....
>  
>  
> Thanks in advance!
> 
> Att,
> Juliano Murlick
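
The ordering described in the reply, written out as an added example (it is not part of the original thread). The addresses, the conntrack rule for return traffic, the rate limit, the log prefix and the helper `last_rule_is_log` are assumptions made for illustration; the script only prints the commands unless `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example: accept wanted traffic first, LOG last, let the DROP policy finish.
REDELOCAL="${REDELOCAL:-192.168.1.0/24}"   # constructed LAN range
SSHSRV="${SSHSRV:-10.0.0.5}"               # constructed SSH server address
# Dry run by default: commands are printed. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

forward_rules() {
    # Packets that reach the end of the chain without a verdict are dropped.
    $IPT -P FORWARD DROP

    # 1. Wanted traffic first. ACCEPT is a terminating target, so these
    #    packets never reach the LOG rule at the bottom.
    #    (Assumption: replies are accepted via connection tracking, otherwise
    #    the SSH server's answers would be logged and dropped too.)
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -p tcp -s "$REDELOCAL" --sport 1024:65535 \
         -d "$SSHSRV" --dport 22 -j ACCEPT

    # 2. Very last rule: LOG is non-terminating, so the packet is written to
    #    the kernel log, falls off the end of the chain and hits policy DROP.
    #    The limit match keeps a scan or flood from filling the log.
    $IPT -A FORWARD -m limit --limit 5/second --limit-burst 10 \
         -j LOG --log-prefix "FWD-DROP: " --log-level 4
}

# Reads a rule listing on stdin and succeeds only if the final line is a LOG
# rule. On a live system: iptables -S FORWARD | last_rule_is_log
last_rule_is_log() {
    tail -n 1 | grep -q -- '-j LOG'
}

forward_rules
```

Any rule appended to FORWARD later lands after the LOG rule, so re-run the `last_rule_is_log` check whenever the rule set changes.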

