Re: proper logging and dropping

Mart,

Not quite: 10.0.0.1 10.0.0.2 ---rest of home network 10.0.0.x ----internet----| firewall | -------Linux server

What I want to do is allow the 10.0.0.x network.
Log packets whose source address is not in the 10.0.0.x network, with certain exceptions, like the time server and DNS server. Drop and log specifically designated subnets that seem to pound (probe) port 22.

Chip




What I want to do is allow all 10.
Mart Frauenlob wrote:
netfilter-owner@xxxxxxxxxxxxxxx wrote:
Good evening,

I currently have the following macro.

/sbin/iptables -N LOGDROP
# log anything entering the chain on wlan0 unless it comes from 10.0.0.2
/sbin/iptables -A LOGDROP -i wlan0 ! -s 10.0.0.2 -j LOG --log-level info
/sbin/iptables -A LOGDROP -j DROP
# send the whole /24 around 58.102.198.29 through LOGDROP
/sbin/iptables -A INPUT -i wlan0 -s 58.102.198.29/255.255.255.0 -j LOGDROP

What I really want to do is log addresses, excluding certain subnets and addresses, but drop others on offending networks. So I want to log addresses to wlan0 whose source address is not 10.0.0.2, but drop subnets which I exclude.

What is the best way to do this?

 Thanks

Chip


If I get your question right:

IPT=/sbin/iptables   # assumed definition; the original snippet used $IPT without defining it

$IPT -N LOGDROP
$IPT -A LOGDROP -s 10.0.0.2 -j RETURN        # exempt 10.0.0.2: back to INPUT, no log, no drop
$IPT -A LOGDROP -j LOG --log-level INFO
$IPT -A LOGDROP -j DROP

$IPT -A INPUT -i wlan0 -s 10.0.0.0/24 -j LOGDROP
$IPT -A INPUT -i wlan0 -s 58.102.198.29/24 -j LOGDROP
...

Regards

Mart
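As an added example (not Chip's or Mart's code), here is a generator for the three-part ruleset Chip restates at the top of the thread: accept the home LAN, log other sources except the time and DNS servers, and log-and-drop designated subnets. Assumed values: wlan0 as the interface, 10.0.0.0/24 as the LAN, placeholder NTP/DNS hosts from the RFC 5737 test range, and the /24 from the thread (which iptables normalises from 58.102.198.29/24 to 58.102.198.0/24) as the subnet to drop; logging is rate-limited with the `limit` match so a port scan cannot flood syslog.

```shell
#!/bin/sh
# Added example, not code from the thread. IPT=echo (the default) previews
# the rules; IPT=/sbin/iptables applies them. All addresses are assumptions.
IPT="${IPT:-echo}"
WAN_IF="${WAN_IF:-wlan0}"
LAN_NET="${LAN_NET:-10.0.0.0/24}"
NTP_SERVER="${NTP_SERVER:-192.0.2.10}"     # constructed placeholder
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"     # constructed placeholder
DROP_NETS="${DROP_NETS:-58.102.198.0/24}"  # space-separated; subnet from the thread

build_rules() {
  # LOGDROP: log (rate-limited) and drop. Used for the designated subnets.
  "$IPT" -N LOGDROP
  "$IPT" -A LOGDROP -m limit --limit 5/min --limit-burst 10 \
         -j LOG --log-level info --log-prefix "FW-DROP: "
  "$IPT" -A LOGDROP -j DROP

  # LOGONLY: log non-LAN sources, except the time and DNS servers, then
  # RETURN so the packet continues through the rest of INPUT unchanged.
  "$IPT" -N LOGONLY
  "$IPT" -A LOGONLY -s "$NTP_SERVER" -p udp --sport 123 -j RETURN
  "$IPT" -A LOGONLY -s "$DNS_SERVER" -p udp --sport 53 -j RETURN
  "$IPT" -A LOGONLY -m limit --limit 5/min --limit-burst 10 \
         -j LOG --log-level info --log-prefix "FW-EXT: "
  "$IPT" -A LOGONLY -j RETURN

  # INPUT order matters: designated subnets first (so a LAN-looking spoof
  # from them is still dropped), then the trusted LAN, then the rest.
  for net in $DROP_NETS; do
    "$IPT" -A INPUT -i "$WAN_IF" -s "$net" -j LOGDROP
  done
  "$IPT" -A INPUT -i "$WAN_IF" -s "$LAN_NET" -j ACCEPT
  "$IPT" -A INPUT -i "$WAN_IF" ! -s "$LAN_NET" -j LOGONLY
}

build_rules
```

Check the preview with `iptables -L INPUT -n --line-numbers` after applying, since a rule appended below an earlier catch-all would never be reached.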

