On Tue, 12 Aug 2003 18:10:11 -0500, Mike Vanecek wrote:

> > -N logreject
> > -A logreject -j LOG
> > -A logreject -j REJECT
> >
> > -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j logreject
>
> That is neat. However, sometimes I like to insert other information with the
> rejected log messages. I.e.,
>
> iptables -I INPUT -s 202.0.0.0/8 -j DROP # Asia
> iptables -I INPUT -s 202.0.0.0/8 -j LOG --log-prefix "Asia2 " --log-level DEBUG # Asia 2
>
> So, I would need a method to pass my --log-prefix data to the catch all.

Doesn't change a thing. Match only once and do the logging and
dropping in a user-defined chain. It's much more flexible with regard
to modifications and/or temporary tests at run-time:

  iptables -N asia2
  iptables -A asia2 -j LOG --log-prefix "Asia2 " --log-level debug
  iptables -A asia2 -j DROP

  iptables -I INPUT -s 202.0.0.0/8 -j asia2

When the match gets more complex, you don't want to match the same
thing multiple times in consecutive rules.

Okay, it's off-topic in this thread...

Btw, 202.0.0.0 - 202.0.15.255 is:

descr: Department of Minerals & Energy (WA)
descr: Mineral House
descr: 100 Plain Street
descr: East Perth Western Australia 6004

:)

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
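
The user-defined chain pattern from the reply above, generalized as an added example (not part of the original message): a shell function, hypothetically named logdrop_rules, that prints the commands for one log-and-drop chain per label, so each source range is matched once and still carries its own --log-prefix. It assumes the lower-cased label doubles as the chain name, and it only prints commands for review; nothing is applied.

```shell
#!/bin/sh
# Added example: generate "match once, then log and drop" rules.
# logdrop_rules is a hypothetical helper name, not an iptables feature.
# Usage: logdrop_rules LABEL CIDR [CIDR...]
# Prints iptables commands on stdout; returns 1 without printing anything
# if an argument would be rejected by iptables or is unsafe to pipe to sh.
logdrop_rules() (
    label=$1
    [ "$#" -ge 2 ] || { echo "usage: logdrop_rules LABEL CIDR..." >&2; return 1; }
    shift
    # The label becomes a chain name and part of a shell command line:
    # allow only letters, digits, '_' and '-', and no leading '-'.
    case $label in
        ''|-*|*[!A-Za-z0-9_-]*) echo "bad label: $label" >&2; return 1 ;;
    esac
    # iptables limits --log-prefix to 29 characters (label plus trailing
    # space) and chain names to under 29 characters; 28 satisfies both.
    if [ "${#label}" -gt 28 ]; then
        echo "label too long: $label" >&2
        return 1
    fi
    # Validate every source range before emitting a single rule.
    for cidr in "$@"; do
        case $cidr in
            ''|*[!0-9./]*) echo "bad source range: $cidr" >&2; return 1 ;;
        esac
    done
    chain=$(printf '%s' "$label" | tr '[:upper:]' '[:lower:]')
    # One chain does the logging and dropping...
    printf 'iptables -N %s\n' "$chain"
    printf 'iptables -A %s -j LOG --log-prefix "%s " --log-level debug\n' "$chain" "$label"
    printf 'iptables -A %s -j DROP\n' "$chain"
    # ...and each source range is matched exactly once in INPUT.
    for cidr in "$@"; do
        printf 'iptables -I INPUT -s %s -j %s\n' "$cidr" "$chain"
    done
)

# The label and range used in the thread above.
logdrop_rules Asia2 202.0.0.0/8
```

Changing what happens to a labelled range later (for example swapping DROP for REJECT during a test) then means editing one chain rather than every matching rule in INPUT.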