Limited logging by dest ip address

I'm setting up a firewall on an embedded linux router/firewall with
limited (well relatively) log space.

I'd like to limit the firewall logging for dropped packets to 1 packet
per minute per destination IP address.

I can easily limit the logging to 1 per minute using:

iptables -A LOGDROP -m limit --limit 1/min --limit-burst 1 -j LOG \
    --log-prefix "FW-DROP" --log-level warn

What I can't see an easy way to do is limit logging based on
destination IP address...

iplimit is more about limiting connections by address rather than
throttling the logging back and works on concurrent connections not
the number of connections in a given time period.

If I can easily limit logging by destination ip address and a time
period then fine, otherwise I'll just limit logging to a time period.

(Note: the dest IP address is unknown, so it's in effect something akin to
pool-based matching, but I don't know the number of pools I'd need...)



-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
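As an added example (not part of the original message or any reply), the following script builds the LOGDROP chain two ways: with the plain `limit` match quoted in the post, and with the iptables `hashlimit` match in `dstip` mode, which keeps one token bucket per destination address so a flood to one address cannot use up the log budget of the others. It assumes an iptables with the hashlimit extension (xt_hashlimit) and root to apply the rules; the table size, expiry and log prefix are constructed sample values.

```shell
#!/bin/sh
# Added example: per-destination log throttling for a LOGDROP chain.
# Assumes iptables with the hashlimit extension; sizes below are constructed.

# Global throttle as in the original post: one log line per minute in total,
# whatever the destination. The prefix has no spaces so it needs no quoting.
logdrop_global_rules() {
    cat <<'EOF'
-N LOGDROP
-A LOGDROP -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix FW-DROP: --log-level warn
-A LOGDROP -j DROP
EOF
}

# Per-destination throttle: hashlimit keys its buckets on dstip, so each
# destination gets its own 1/min allowance. --hashlimit-htable-max bounds how
# many destinations are tracked at once (the unknown "number of pools" from
# the post; constructed default of 1024), and --hashlimit-htable-expire drops
# idle entries after 60000 ms so the table stays small on a constrained box.
logdrop_per_dst_rules() {
    max_entries="${1:-1024}"
    cat <<EOF
-N LOGDROP
-A LOGDROP -m hashlimit --hashlimit-name fwdrop --hashlimit-mode dstip --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-htable-max $max_entries --hashlimit-htable-expire 60000 -j LOG --log-prefix FW-DROP: --log-level warn
-A LOGDROP -j DROP
EOF
}

# Apply a rule list, one rule per line, to the filter table. Set IPTABLES=echo
# to preview the commands instead of loading them. Word splitting of $rule is
# intended: every rule above is free of quotes and spaces inside arguments.
apply_rules() {
    while IFS= read -r rule; do
        # shellcheck disable=SC2086
        ${IPTABLES:-iptables} -t filter $rule
    done
}

# Number of rules a generator function emits; a quick sanity check before
# loading anything on the router.
rule_count() { "$1" | wc -l | tr -d ' '; }

# Usage (as root): logdrop_per_dst_rules 2048 | apply_rules
# then point drop rules at the chain, e.g. iptables -A INPUT ... -j LOGDROP
```

Tune `--hashlimit-htable-max` to the memory you can spare: once the table is full, hashlimit stops matching new destinations, so those drops go unlogged rather than overrunning the log.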