On Monday 11 August 2003 17:52, Tom Ball wrote:
> My LOG rules were first so the packets to be rejected were logged
> first. Is the man page's LOG section wrong? That's where I got the
> "duplicate rule and change REJECT to LOG" hack.
>

According to the manual (I don't recall which one right now) the LOG rule goes last.

Joebewan

> My goal is to log all rejected packets except multicast ones, as those
> aren't potential attacks (at least within my company's firewall,
> anyway).
>
> Tom
>
> On Mon, 2003-08-11 at 15:22, jdow wrote:
> > Wrong order. Try this one:
> > # reject everything else
> > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
> > -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
> > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j LOG
> > -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j LOG
> > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j LOG
> >
> > {^_^}
> > ----- Original Message -----
> > From: "Tom Ball" <Tom.Ball@xxxxxxx>
> >
> > > I added logging to the end of my iptables config, but now need to stop
> > > logging all the multicast messages being broadcast at work (the point
> > > was to notice real security issues). The following rule is accepted,
> > > but doesn't suppress anything:
> > >
> > > # ignore multicast broadcasts
> > > -A RH-Lokkit-0-50-INPUT -p udp -m pkttype --pkt-type multicast --dport 0:1023 -j REJECT
> > > # reject everything else
> > > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j LOG
> > > -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j LOG
> > > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j LOG
> > > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
> > > -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
> > >
> > > Does "--pkt-type multicast" work? Is there an alternative way to
> > > ignore IPs with destinations of *.*.*.255?
-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
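The disagreement in this thread is about rule order, and the property it turns on is that iptables' LOG target is non-terminating (a logged packet continues to the next rule) while REJECT ends traversal. The simulation below is an added example, not code from the thread or from Red Hat's Lokkit: a small first-match evaluator that parses the exact rule texts posted above and walks constructed packets through both orderings, so a reader can see which packets each ordering actually logs. The `pkttype` match is modelled on the link-layer packet type, which is what the real match keys on; a frame addressed to an x.x.x.255 directed broadcast arrives as link-layer broadcast, not multicast. Packet samples are constructed, and `POLICY` is a placeholder verdict for a packet that reaches the end of the chain.

```python
"""Simulate iptables first-match traversal for the two orderings in the thread.

Added example (not from the thread). Models only what the posted rules need:
-p, --dport (single port or lo:hi), --syn, -m pkttype --pkt-type, and -j.
LOG is non-terminating; ACCEPT/DROP/REJECT end traversal.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TERMINATING = {"ACCEPT", "DROP", "REJECT"}


@dataclass
class Packet:
    label: str
    proto: str                 # "tcp" or "udp"
    dport: int
    dst: str                   # destination IP, informational only here
    syn: bool = False
    pkt_type: str = "host"     # link-layer type: host, broadcast or multicast


@dataclass
class Rule:
    text: str
    target: str
    proto: Optional[str] = None
    dport: Optional[Tuple[int, int]] = None
    syn: bool = False
    pkt_type: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.proto and p.proto != self.proto:
            return False
        if self.dport and not (self.dport[0] <= p.dport <= self.dport[1]):
            return False
        if self.syn and not p.syn:
            return False
        if self.pkt_type and p.pkt_type != self.pkt_type:
            return False
        return True


def parse_rule(text: str) -> Rule:
    """Parse the subset of iptables-save syntax used in the posted chains."""
    toks = text.split()
    r = Rule(text=text, target="")
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-p":
            r.proto = toks[i + 1]; i += 2
        elif t == "--dport":
            lo, _, hi = toks[i + 1].partition(":")
            r.dport = (int(lo), int(hi or lo)); i += 2
        elif t == "--pkt-type":
            r.pkt_type = toks[i + 1]; i += 2
        elif t == "--syn":
            r.syn = True; i += 1
        elif t == "-j":
            r.target = toks[i + 1]; i += 2
        else:
            i += 1  # -A <chain>, -m <module>: no effect on matching here
    return r


def traverse(chain: List[Rule], p: Packet) -> Tuple[str, bool]:
    """Return (verdict, logged) for one packet walking the chain top to bottom."""
    logged = False
    for r in chain:
        if not r.matches(p):
            continue
        if r.target == "LOG":
            logged = True       # non-terminating: the packet keeps going
            continue
        if r.target in TERMINATING:
            return r.target, logged
    return "POLICY", logged     # fell off the end: the chain policy decides


def run(chain_text: List[str], packets: List[Packet]) -> Dict[str, Tuple[str, bool]]:
    chain = [parse_rule(t) for t in chain_text if not t.startswith("#")]
    return {p.label: traverse(chain, p) for p in packets}


# Rule texts exactly as posted: jdow's REJECT-then-LOG ordering, and Tom's
# original multicast-REJECT, LOG, then REJECT ordering.
JDOW_ORDER = [
    "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT",
    "-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT",
    "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j LOG",
    "-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j LOG",
    "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j LOG",
]
TOM_ORDER = [
    "-A RH-Lokkit-0-50-INPUT -p udp -m pkttype --pkt-type multicast --dport 0:1023 -j REJECT",
    "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j LOG",
    "-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j LOG",
    "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j LOG",
    "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT",
    "-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT",
]

SAMPLE_PACKETS = [  # constructed traffic, not captured data
    Packet("ssh_syn", "tcp", 22, "10.0.0.5", syn=True),
    Packet("rip_mcast", "udp", 520, "224.0.0.9", pkt_type="multicast"),
    Packet("nb_bcast", "udp", 138, "10.0.0.255", pkt_type="broadcast"),
    Packet("x7100_syn", "tcp", 7100, "10.0.0.5", syn=True),
]

if __name__ == "__main__":
    for name, chain in (("jdow order", JDOW_ORDER), ("Tom order", TOM_ORDER)):
        print(name)
        for label, (verdict, logged) in run(chain, SAMPLE_PACKETS).items():
            print(f"  {label:10s} verdict={verdict:7s} logged={logged}")
```

Run as a script and the two tables differ only in the `logged` column: with REJECT ahead of LOG, the privileged-port packets are rejected without ever reaching a LOG rule, while the port 7100 SYN is still logged because nothing rejects it first. With LOG ahead of REJECT, every rejected packet is logged except the one the `pkttype multicast` rule rejects first; the constructed x.x.x.255 broadcast is not matched by that rule and is therefore logged.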