Hi All,

This was too obvious so I couldn't find it... I did a "-I" for the DROP rule, so obviously it was matched before the LOG rule... tsss..

David

2010/5/7 David ROBERT <castlebbs@xxxxxxxxx>:
> Hi All,
>
> I have a very basic question. I am updating an active response script
> for OSSEC that adds DROP rules. I added rules to log packets being
> dropped:
> Ex for IP 1.1.1.1
>
> iptables -I INPUT -s 1.1.1.1 -m limit --limit 1/sec -j LOG --log-prefix OSSEC-HIDS --log-level 7 (rule added)
> iptables -I INPUT -s 1.1.1.1 -j DROP (original rule)
>
> It doesn't log, it actually logs if I only run the first rule, as soon
> as I run the DROP rule, it DROPs packets indeed, but it won't log
> anymore.

--
David ROBERT
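The ordering problem described in this message, as an added example that is not part of the original post: a small shell model of one chain (no real iptables calls are made) showing why two `-I` inserts leave DROP above LOG, and two orderings that log before dropping. The function names `ipt_insert`, `traverse` and `block_*` are hypothetical, and the explicit rule positions in the last variant are an assumption about how the script could be written.

```shell
#!/bin/sh
# Constructed model of the INPUT chain: one rule per line in $CHAIN, top first.
# Every rule here matches the same source, so only rule order matters.
# The rate limit on the LOG rule is not modelled.
LOG_RULE='-s 1.1.1.1 -m limit --limit 1/sec -j LOG --log-prefix OSSEC-HIDS --log-level 7'
DROP_RULE='-s 1.1.1.1 -j DROP'
CHAIN=""

# ipt_insert POS RULE: mimic "iptables -I INPUT [POS] RULE" (iptables defaults POS to 1).
ipt_insert() {
    CHAIN=$(printf '%s\n' "$CHAIN" | awk -v p="$1" -v r="$2" '
        NF  { n++; if (n == p) print r; print }
        END { if (p > n) print r }')
}

# traverse: walk the chain top-down. LOG is non-terminating, DROP ends the walk.
# Prints the targets a packet from 1.1.1.1 would hit, in order.
traverse() {
    printf '%s\n' "$CHAIN" | awk '
        / -j LOG/  { out = out "LOG " }
        / -j DROP/ { out = out "DROP"; exit }
        END { print out }'
}

# As posted: LOG inserted at the top, then DROP inserted at the top, above it.
block_as_posted() {
    CHAIN=""
    ipt_insert 1 "$LOG_RULE"
    ipt_insert 1 "$DROP_RULE"
    traverse
}

# Variant 1: insert DROP first, so the later LOG insert lands above it.
block_drop_then_log() {
    CHAIN=""
    ipt_insert 1 "$DROP_RULE"
    ipt_insert 1 "$LOG_RULE"
    traverse
}

# Variant 2: explicit positions, LOG at 1 and DROP at 2.
block_positions() {
    CHAIN=""
    ipt_insert 1 "$LOG_RULE"
    ipt_insert 2 "$DROP_RULE"
    traverse
}

echo "as posted:          $(block_as_posted)"
echo "DROP first, LOG -I: $(block_drop_then_log)"
echo "explicit positions: $(block_positions)"
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the resulting order directly.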