Re: Packets logged as blocked even Firewall (IPtables) accepts them ...

"Walter H." <walter.h@xxxxxxxxxxxxxxxxx> · Wed, 19 Jul 2017 11:40:36 +0200

On Wed, July 19, 2017 11:31, Antony Stone wrote:
> On Wednesday 19 July 2017 at 10:16:30, Walter H. wrote:
>
>> I added these rules, and will see which packets are caught
>>
>> -A INPUT -m state --state INVALID -j LOG --log-prefix "IP[IN(invalid)]:
>> "
>> --log-level 7
>> -A FORWARD -m state --state INVALID -j LOG --log-prefix
>> "IP[FWD(invalid)]:
>> " --log-level 7
>> -A OUTPUT -m state --state INVALID -j LOG --log-prefix
>> "IP[OUT(invalid)]:
>> " --log-level 7
>>
>> and not by these after:
>>
>> -A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
>> -A FORWARD -j LOG --log-prefix "IP[FWD]: " --log-level 7
>> -A OUTPUT -j LOG --log-prefix "IP[OUT]: " --log-level 7
>
> Note that any packets caught by the first rules will *also* be caught by
> the
> second rules (since there is no DROP in between, and the second rule does
> not
> exclude INVALID),

how would I exclude INVALID in the second rules?

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users