Chain Policy DROP versus ACCEPT and logging

I have seen many setups where the default CHAIN Policy is to accept
packets by default versus dropping them.
From my perspective a firewall should implicitly deny everything, hence
INPUT and FORWARD should be DROP.
Then rules are put in to allow what you want.
But, one seems to lose some logging capabilities with such a setup.
Is there a way to log the default INPUT and FORWARD policies for dropped
packets with them set to DROP as opposed to having them set to ACCEPT
and putting in logs for any deny rules?

Thanks,
Ted
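
An added example, not part of the original post: a chain policy cannot itself carry a LOG target, so a common arrangement is to end each DROP-policy chain with a LOG rule that fall-through packets reach just before the policy applies. The ruleset below is constructed (iptables-save format), and `unlogged_drop_chains` is a hypothetical helper that reports DROP-policy chains lacking such a final rule.

```shell
#!/bin/sh
# Constructed sample ruleset: policy DROP on INPUT and FORWARD, explicit
# allows, then a final rate-limited LOG rule in each chain so packets that
# fall through to the policy are logged before being dropped.
RULESET='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT policy drop: "
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FORWARD policy drop: "
COMMIT'

# unlogged_drop_chains RULESET_TEXT  (hypothetical helper name)
# Prints, sorted, each built-in chain whose policy is DROP but whose last
# rule is not a LOG/NFLOG rule, i.e. chains where packets that match no
# rule are discarded without a log entry.
unlogged_drop_chains() {
    printf '%s\n' "$1" | awk '
        /^:/ && $2 == "DROP" { drop[substr($1, 2)] = 1 }   # ":INPUT DROP [0:0]"
        $1 == "-A"           { last[$2] = $0 }             # remember last rule per chain
        END {
            for (c in drop)
                if (last[c] !~ / -j (LOG|NFLOG)( |$)/) print c
        }' | sort
}

# With the LOG rules in place nothing is reported.
unlogged_drop_chains "$RULESET"
# With the LOG rules stripped, both DROP-policy chains are reported.
unlogged_drop_chains "$(printf '%s\n' "$RULESET" | grep -v -e '-j LOG')"
```

The same check can be fed live rules with `unlogged_drop_chains "$(iptables-save -t filter)"` on a host where that command is available.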



