OK. This is what I have loaded now.
/usr/local/sbin/iptables -P FORWARD DROP
/usr/local/sbin/iptables -A FORWARD -j LOG --log-prefix /var/iptablequeue/pre_queue
/usr/local/sbin/iptables -A FORWARD -p tcp --syn -m state --state NEW -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p udp -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p icmp -j QUEUE
/usr/local/sbin/iptables -A FORWARD -j LOG --log-prefix /var/iptablequeue/post_queue
I should see some sort of log file in /var/iptablequeue/post_queue or /var/iptablequeue/pre_queue now? Should I try sending packets through the bridge to generate something?
----- Original Message -----
From: "Jason Opperisano" <opie@xxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, January 07, 2005 3:44 PM
Subject: Re: transparent bridge troubles?
On Fri, Jan 07, 2005 at 12:42:27PM -0800, Daniel Chemko wrote:
Becomes
/usr/local/sbin/iptables -P FORWARD DROP
/usr/local/sbin/iptables -A FORWARD -j LOG
/usr/local/sbin/iptables -A FORWARD -p tcp --syn -m state --state NEW -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p udp -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p icmp -j QUEUE
/usr/local/sbin/iptables -A FORWARD -j LOG
minor edit, for clarity's sake:
/usr/local/sbin/iptables -P FORWARD DROP
/usr/local/sbin/iptables -A FORWARD -j LOG --log-prefix "PRE QUEUE: "
/usr/local/sbin/iptables -A FORWARD -p tcp --syn -m state --state NEW -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p udp -j QUEUE
/usr/local/sbin/iptables -A FORWARD -p icmp -j QUEUE
/usr/local/sbin/iptables -A FORWARD -j LOG --log-prefix "POST QUEUE: "
-j
-- "Be careful when we capture him! We cannot claim the reward unless we have 51% of the carcass" --The Simpsons
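
Added example, not part of the original thread: the LOG target writes one line per packet to the kernel log and `--log-prefix` is a text tag placed at the start of that line, so the "PRE QUEUE: " / "POST QUEUE: " rule set above can be checked by reading those lines. The log lines, addresses and function names below are constructed for illustration, and the script assumes the usual `KEY=value` layout of LOG output.

```python
import re
from collections import Counter

# Constructed kernel-log lines (not from the thread) in the LOG target's format.
SAMPLE_LOG = """\
Jan  7 16:02:11 bridge kernel: PRE QUEUE: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  7 16:02:12 bridge kernel: PRE QUEUE: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=192.0.2.10 DST=198.51.100.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=33012 DPT=53 LEN=51
Jan  7 16:02:13 bridge kernel: PRE QUEUE: IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=977 PROTO=TCP SPT=443 DPT=40990 WINDOW=6432 RES=0x00 ACK URGP=0
Jan  7 16:02:13 bridge kernel: POST QUEUE: IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=977 PROTO=TCP SPT=443 DPT=40990 WINDOW=6432 RES=0x00 ACK URGP=0
Jan  7 16:02:14 bridge kernel: PRE QUEUE: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=192.0.2.20 DST=198.51.100.9 LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=31 PROTO=47
Jan  7 16:02:14 bridge kernel: POST QUEUE: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=192.0.2.20 DST=198.51.100.9 LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=31 PROTO=47
"""

LINE_RE = re.compile(r"(PRE|POST) QUEUE: (.*)")

def parse_line(line):
    """Return (stage, fields, flags) for a LOG line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        if sep:
            fields.setdefault(key, val)  # first wins: IP-level LEN, not UDP LEN
        else:
            flags.add(tok)               # bare tokens such as DF, SYN, ACK
    return m.group(1), fields, flags

def fell_through(log_text):
    """Packets the second LOG rule saw: no QUEUE rule matched, so policy DROP applies."""
    out = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[0] == "POST":
            _, f, flags = parsed
            out.append((f.get("PROTO"), f.get("SRC"), f.get("DST"), sorted(flags - {"DF"})))
    return out

def stage_counts(log_text):
    """Every forwarded packet hits PRE; only unmatched ones also hit POST."""
    c = Counter(p[0] for p in map(parse_line, log_text.splitlines()) if p)
    return {"seen": c["PRE"], "fell_through": c["POST"], "queued": c["PRE"] - c["POST"]}

if __name__ == "__main__":
    print(stage_counts(SAMPLE_LOG))
    for pkt in fell_through(SAMPLE_LOG):
        print(pkt)
```

In the constructed sample, the TCP ACK without a SYN and the protocol 47 packet are the two that reach the second LOG rule, because none of the four QUEUE rules match them.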