On Sun 12/10/2003 at 16:00, Ted Kaczmarek wrote:
> Is there a way to log the default INPUT and FORWARD policies for dropped
> packets with them set to DROP as opposed to having them set to ACCEPT
> and putting in logs for any deny rules.

Logging in Netfilter does not behave as it used to with ipchains. You cannot log and drop within the same rule. Suppose you want to log and drop all UDP traffic:

    iptables -A INPUT -p udp -j LOG --log-prefix "UDP dropped : "
    iptables -A INPUT -p udp -j DROP

LOG is a (non-terminating) target. This said, if you want to log packets that hit the chain policy, then you have to put a logging rule at the very end of the chain:

    iptables -A INPUT -j LOG --log-prefix "INPUT chain policy drop : "

And you're done.

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
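The same idea applied to both chains the question asks about, as an added example that is not part of the original mail: a script that emits an iptables-restore ruleset where INPUT and FORWARD have policy DROP and the last rule of each chain is a rate-limited LOG, so only traffic that is about to fall through to the policy gets logged. The accept rules and the log rate are constructed placeholders; the ordering check at the end is a hypothetical helper for catching a LOG rule that was not left last.

```shell
#!/bin/sh
# Added example (not from the original mail). Builds an iptables-restore
# ruleset: policy DROP on INPUT and FORWARD, with a final LOG rule per chain.
# Assumes the standard LOG target and limit match; the accept rules below are
# constructed placeholders, not a recommended policy.

LOG_LIMIT="${LOG_LIMIT:-5/min}"   # constructed cap so a flood cannot fill syslog

# Print the logging rule that must be the LAST rule of a chain.
# LOG is non-terminating: the packet goes on to the next rule, and when none
# is left it hits the chain policy (DROP). The prefix tells the chains apart.
chain_tail() {
    chain="$1"; prefix="$2"
    printf -- '-A %s -m limit --limit %s --limit-burst 10 -j LOG --log-prefix "%s" --log-level warning\n' \
        "$chain" "$LOG_LIMIT" "$prefix"
}

# Emit a complete ruleset in iptables-restore format.
gen_ruleset() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -p tcp --dport 22 -j ACCEPT'   # constructed: allow inbound SSH
    chain_tail INPUT 'INPUT chain policy drop : '
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    chain_tail FORWARD 'FORWARD chain policy drop : '
    echo 'COMMIT'
}

# Hypothetical sanity check: the LOG rule must be the last rule of the chain.
# An ACCEPT appended after it would be logged as "dropped" although it passed.
log_rule_is_last() {
    gen_ruleset | grep "^-A $1 " | tail -n 1 | grep -q -- '-j LOG'
}

gen_ruleset   # load with: iptables-restore < ruleset.txt
```

Load the output with iptables-restore rather than appending rules one by one, so the LOG rule cannot end up sandwiched between later accepts.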