Mart,
Not Quite,
                  10.0.0.1          10.0.0.2 ---rest of home network 10.0.0.x
----internet----| firewall | -------Linux server
What I want to do is allow the 10.0.0.x network.
Log packets whose source address is not in the 10.0.0.x
network, with certain exceptions, like the time server and DNS server.
Drop and log specifically designated subnets that seem to pound probe
port 22.
Chip
What I want to do is allow all 10.
Mart Frauenlob wrote:
netfilter-owner@xxxxxxxxxxxxxxx wrote:
Good evening,
I currently have the following macro.
/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -i wlan0 ! -s 10.0.0.2 -j LOG --log-level info
/sbin/iptables -A LOGDROP -j DROP
/sbin/iptables -A INPUT -i wlan0 -s 58.102.198.29/255.255.255.0 -j LOGDROP
What I really want to do is log addresses, excluding certain subnets
and addresses, but drop others on offending networks.
So I want to log addresses to wlan0 whose source address is not
10.0.0.2, but drop subnets which I exclude.
What is the best way to do this?
Thanks
Chip
If I get your question right:
$IPT -N LOGDROP
$IPT -A LOGDROP -s 10.0.0.2 -j RETURN
$IPT -A LOGDROP -j LOG --log-level INFO
$IPT -A LOGDROP -j DROP
$IPT -A INPUT -i wlan0 -s 10.0.0.0/24 -j LOGDROP
$IPT -A INPUT -i wlan0 -s 58.102.198.29/24 -j LOGDROP
...
Regards
Mart
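
One way to lay out the three goals listed in the reply at the top of this message (allow the LAN, log other sources except a few quiet ones, log and drop offending subnets), as an added example that is not part of the thread. The LOGONLY chain name, the time-server and DNS addresses (documentation range), the log prefixes and the rate limit are assumptions; the script only prints commands.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it applies nothing itself.
IPT=/sbin/iptables
IFACE=wlan0
LAN=10.0.0.0/24
OFFENDERS="58.102.198.0/24"            # subnet named in the thread
QUIET_SOURCES="192.0.2.10 192.0.2.53"  # constructed: time server, DNS server

emit() { echo "$IPT $*"; }

build_rules() {
    # LOGDROP: every packet sent here is logged, then dropped.
    emit -N LOGDROP
    emit -A LOGDROP -j LOG --log-level info --log-prefix DROP:
    emit -A LOGDROP -j DROP

    # LOGONLY (assumed name): exceptions RETURN before the LOG rule, so they
    # are never logged. Nothing is dropped here; packets continue in INPUT.
    emit -N LOGONLY
    for src in $QUIET_SOURCES; do
        emit -A LOGONLY -s "$src" -j RETURN
    done
    # Rate limit (assumed value) keeps a noisy source from flooding the log.
    emit -A LOGONLY -m limit --limit 6/minute -j LOG --log-level info --log-prefix NONLAN:

    # INPUT is first-match: offenders, then the trusted LAN, then log the rest.
    for net in $OFFENDERS; do
        emit -A INPUT -i "$IFACE" -s "$net" -j LOGDROP
    done
    emit -A INPUT -i "$IFACE" -s "$LAN" -j ACCEPT
    emit -A INPUT -i "$IFACE" ! -s "$LAN" -j LOGONLY
}

build_rules
```

Review the printed commands, then pipe them to `sh` as root to apply them.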