On 17 September 2003 12:56 Rakotomandimby Mihamina wrote:

> #1
> I'm learning networks and I saw that there are some tools that send
> "corrupted" packets to a host to have an idea of the local OS (an example
> is nmap).
> I would like my firewall to drop all corrupted packets.
> I made a search on Google with the words "iptables drop corrupted
> packets" but I cannot find any clear-enough documentation.

There is a Netfilter extension called "unclean", which has the state of
Experimental. You can try to use this one. Possible checks are: packet
length, packet checksum, length of a fragment if available, invalid
ICMP codes, TCP/UDP port 0 testing.

> #2
> I would like iptables to log into /var/log/messages.
> What have I got to configure into syslogd && iptables to do it?
> What rules have I got to apply?

You can use the target LOG along with a log-prefix and configure your
syslogd to write all kernel messages (Netfilter is kernel based) to your
/var/log/messages.

iptables -A FORWARD -p tcp --dport 80 -s $EXTNET -d $WWW -j LOG --log-prefix WWW-Connection

Greetings,

Thorsten Scherf
RHCE, RHCX
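To show what the entries written by that LOG rule look like once syslogd delivers kernel messages to /var/log/messages, and how the log-prefix lets you pick them out again, here is an added Python example that is not part of the original mail. The sample log lines are constructed, and the entry format is assumed to be the one the LOG target writes (the prefix is printed exactly as given, so without a trailing space it runs straight into the IN= field).

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages. The syslogd side is assumed to be
# the classic syslog.conf line "kern.*  /var/log/messages". The first three
# entries carry the WWW-Connection prefix from the rule in the mail; the
# fourth uses a different prefix and the last is not a kernel message at all.
SAMPLE_LOG = """\
Sep 17 13:02:11 fw kernel: WWW-ConnectionIN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1234 DF PROTO=TCP SPT=41234 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 17 13:02:12 fw kernel: WWW-ConnectionIN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1235 DF PROTO=TCP SPT=41235 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 17 13:02:13 fw kernel: WWW-Connection IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=77 DF PROTO=TCP SPT=50000 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 17 13:02:14 fw kernel: SSH-Connection IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=78 DF PROTO=TCP SPT=50001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 17 13:02:15 fw sshd[412]: Accepted publickey for admin from 192.0.2.99 port 51022 ssh2
"""

# Everything between "kernel: " and the first IN= is the log-prefix; a prefix
# given without a trailing space sits directly in front of IN=, so the
# optional whitespace is stripped here rather than required.
LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)\s*(?P<fields>IN=.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_netfilter_lines(text, prefix):
    """Return one dict per LOG entry whose log-prefix equals `prefix`."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("prefix") != prefix:
            continue  # other prefixes, other kernel messages, non-kernel lines
        fields = dict(FIELD_RE.findall(m.group("fields")))
        # Bare tokens such as DF or SYN carry no '='; keep them as flags.
        flags = {tok for tok in m.group("fields").split() if "=" not in tok}
        entries.append({"fields": fields, "flags": flags})
    return entries


def connections_per_source(entries):
    """Count logged entries per SRC address, e.g. to see who hits the web server most."""
    return Counter(e["fields"]["SRC"] for e in entries)


if __name__ == "__main__":
    www = parse_netfilter_lines(SAMPLE_LOG, "WWW-Connection")
    for src, n in connections_per_source(www).most_common():
        print(f"{src}: {n} logged packet(s) to port 80")
```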