Hi and thank you for the answer Derick.... I set it as Iptables -t mangle -A PREROUTING ..... -j DROP ... I suppose Ill keep the packages rather far away from the "real" iptables chains that are used for filtering... critics? Regards, Edvin Seferovic -----Original Message----- From: Derick Anderson [mailto:danderson@xxxxxxxxx] Sent: Montag, 17. Oktober 2005 15:26 To: edvin.seferovic@xxxxxxx; netfilter@xxxxxxxxxxxxxxxxxxx Subject: RE: logging and droping bad tcp packets > Hi, > > > > I would like to log and drop bad TCP packets on all my > interfaces... but in my eyes it means that I would have to > write every rule three times. Is there a way to simplify this > or should I really write those rules for every interface.. or > can I just enter eth+ in the input chain for all my ethernet > interfaces? > > > Thank you in advance > > > > Regards, > > > > Edvin Seferovic > Just don't specify an interface and the rule will apply to all of them. Put the 'bad tcp packets' ruleset at the top of your INPUT/FORWARD chain (whichever is appropriate) before you start doing your interface specific rules. For purposes of logging (and are you planning to read the logs?) you won't be able to make an interface-specific label but otherwise everything should work fine. Derick Anderson
