On Tue, 12 Aug 2003 03:16:22 -0700, jdow wrote:

> Rules are executed "top down". So packets logged in an early rule and
> then rejected in a later rule get both logged and rejected. And I did
> somewhat misread the list. It looks like you want to both log and reject
> the 0:1023 material so you could -j REJECT -j LOG in a single rule, I
> believe. Please excuse my error.

No, that was possible with ipchains where logging was not a target, but
an option. Iptables does not allow multiple targets, i.e. it does not
allow multiple -j flags. Hence two separate rules is how it must be
done. You can also match only once and then jump to a user-defined
chain, which does a simple catch-all LOG/REJECT, e.g.

  -N logreject
  -A logreject -j LOG
  -A logreject -j REJECT
  -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j logreject

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
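
Added example, not part of the original message: a small Python lint for iptables-save style listings that flags the two mistakes discussed above, a rule carrying more than one -j and a LOG rule placed after a terminating rule with the same match. The lint function, the sample rules beyond the four from the post, and the simplification that match options precede -j are assumptions of this example.

```python
import shlex
from collections import defaultdict

# Built-in targets that end traversal of the chain for a matching packet.
# LOG is absent on purpose: after logging, the packet continues to the next rule.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN"}

# Constructed sample; the first four rules are the ones from the post.
SAMPLE = """\
-N logreject
-A logreject -j LOG
-A logreject -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j logreject
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 -j REJECT -j LOG
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j LOG
"""

def lint(rules_text):
    """Return a list of (line_number, message) findings."""
    findings = []
    ended = defaultdict(dict)  # chain -> {match tokens: (target, line)}
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        if len(tokens) < 2 or tokens[0] not in ("-A", "--append"):
            continue  # only appended rules are checked
        chain, args = tokens[1], tokens[2:]
        jumps = [i for i, t in enumerate(args) if t in ("-j", "--jump")]
        if len(jumps) != 1 or jumps[0] + 1 >= len(args):
            findings.append((lineno, f"rule needs exactly one -j with a target (found {len(jumps)} -j)"))
            continue
        match = tuple(args[:jumps[0]])  # assumption: match options precede -j
        target = args[jumps[0] + 1]
        # A LOG rule is shadowed by an earlier terminating rule with the same
        # match, or by an earlier unconditional one (empty match).
        shadow = ended[chain].get(match) or ended[chain].get(())
        if target == "LOG" and shadow:
            findings.append((lineno, f"LOG never reached: {shadow[0]} on line {shadow[1]} ends the chain first"))
        elif target in TERMINATING:
            ended[chain].setdefault(match, (target, lineno))
    return findings

if __name__ == "__main__":
    for lineno, message in lint(SAMPLE):
        print(f"line {lineno}: {message}")
```

The user-defined logreject chain from the post passes cleanly because its LOG rule precedes its REJECT rule.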