Hi, My current iptables rules are: cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.7 on Mon Aug 22 21:17:33 2011 *nat :PREROUTING ACCEPT [493:28472] :POSTROUTING ACCEPT [344:23920] :OUTPUT ACCEPT [344:23920] COMMIT # Completed on Mon Aug 22 21:17:33 2011 # Generated by iptables-save v1.4.7 on Mon Aug 22 21:17:33 2011 *filter :INPUT ACCEPT [12511:3538351] :FORWARD ACCEPT [16:832] :OUTPUT ACCEPT [11397:5249840] COMMIT # Completed on Mon Aug 22 21:17:33 2011 # Generated by iptables-save v1.4.7 on Mon Aug 22 21:17:33 2011 *mangle :PREROUTING ACCEPT [92:12257] :INPUT ACCEPT [3202:794108] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2909:931650] :POSTROUTING ACCEPT [2909:931650] :DIVERT - [0:0] -A PREROUTING -d 10.10.10.30/32 -p tcp -m tcp --dport 80 -j ACCEPT -A PREROUTING -p tcp -m socket -j DIVERT -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1 -A PREROUTING -j LOG -A DIVERT -j MARK --set-xmark 0x1/0xffffffff -A DIVERT -j ACCEPT COMMIT Is it correct use of log options?I want to log everything for my logs . i want to see what happening with socket match and what happening with tproxy match options Please guide me for that.my use of log rule is valid or? Thanks, Tej -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
