Wrong order. Try this one:

# reject everything else
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j LOG
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j LOG
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j LOG

{^_^}

----- Original Message -----
From: "Tom Ball" <Tom.Ball@xxxxxxx>

> I added logging to the end of my iptables config, but now need to stop
> logging all the multicast messages being broadcast at work (the point
> was to notice real security issues). The following rule is accepted,
> but doesn't suppress anything:
>
> # ignore multicast broadcasts
> -A RH-Lokkit-0-50-INPUT -p udp -m pkttype --pkt-type multicast --dport 0:1023 -j REJECT
> # reject everything else
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j LOG
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j LOG
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j LOG
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
>
> Does "--pkt-type multicast" work? Is there an alternative way to ignore
> IPs with destinations of *.*.*.255?

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
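
An added example, not part of either message: a small Python model of chain traversal (rules tried in order, LOG records and continues, REJECT stops) run over the two rule orderings posted in this thread. The `quiet_both` chain, its `broadcast` packet-type rule and the sample packets are assumptions introduced here; the thread does not say whether the noisy traffic is link-layer broadcast or multicast.

```python
# Added example: a tiny model of iptables chain traversal (not iptables itself).
# LOG is non-terminating (traversal continues); REJECT ends traversal.
def rule(target, proto, ports, syn=None, pkt_type=None):
    return {"target": target, "proto": proto, "ports": ports,
            "syn": syn, "pkt_type": pkt_type}

def matches(r, p):
    lo, hi = r["ports"]
    return (r["proto"] == p["proto"] and lo <= p["dport"] <= hi
            and (r["syn"] is None or p.get("syn", False) == r["syn"])
            and (r["pkt_type"] is None or p["pkt_type"] == r["pkt_type"]))

def traverse(chain, p):
    """Return (verdict, logged) for packet p walked through chain in order."""
    logged = False
    for r in chain:
        if not matches(r, p):
            continue
        if r["target"] == "LOG":
            logged = True               # record the packet and keep going
        else:
            return r["target"], logged  # terminating target: stop here
    return "FALLTHROUGH", logged        # left to whatever follows the chain

LOGS = [rule("LOG", "tcp", (0, 1023), syn=True),
        rule("LOG", "udp", (0, 1023)),
        rule("LOG", "tcp", (7100, 7100), syn=True)]
REJECTS = [rule("REJECT", "tcp", (0, 1023), syn=True),
           rule("REJECT", "udp", (0, 1023))]
QUIET_MCAST = rule("REJECT", "udp", (0, 1023), pkt_type="multicast")
# Assumption: an extra rule using the pkttype match's "broadcast" value.
QUIET_BCAST = rule("REJECT", "udp", (0, 1023), pkt_type="broadcast")

CHAINS = {
    "question": [QUIET_MCAST] + LOGS + REJECTS,    # order in the quoted message
    "reply": REJECTS + LOGS,                       # order in the reply
    "quiet_both": [QUIET_MCAST, QUIET_BCAST] + LOGS + REJECTS,  # hypothetical
}
# Constructed sample packets (ports chosen only for illustration).
PACKETS = {
    "mcast_udp": {"proto": "udp", "dport": 520, "pkt_type": "multicast"},
    "bcast_udp": {"proto": "udp", "dport": 137, "pkt_type": "broadcast"},
    "tcp_syn_23": {"proto": "tcp", "dport": 23, "syn": True, "pkt_type": "unicast"},
}

def report():
    return {c: {n: traverse(chain, p) for n, p in PACKETS.items()}
            for c, chain in CHAINS.items()}

if __name__ == "__main__":
    for name, rows in report().items():
        print(name, rows)
```

Each result is a `(verdict, logged)` pair, so the output shows for every ordering which of the sample packets would reach a LOG rule before being rejected.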