Hello,
I think you could use mark and limit to come up with something ... but why on the first 20 packets ??
I have a rule that logs all SYN packets coming from a certain end point that SNAT's ... so we can later track with PC made the connection if needed.
Michael.
Deepak Seshadri wrote:
Hello everybody,
Could someone suggest how would I log only the first 15 or 20 packets of any new connection?
Thanks in advance,
Deepak Seshadri
-- Michael Gale Lan Administrator Utilitran Corp.
I make better friends with those who think for them selves
