rules suggestion ?

Cameleons email hidden
Fri Mar 14 22:03:01 CET 2003



> > 
> > Is it possible to create a rule for logging all traffic on a specific port (or ports)?

> Yes. Use the LOG policy in INPUT, OUTPUT and/or FORWARD rules.

Here is my INPUT in zone.ext:
EXT_NET = 0.0.0.0//0
EXT_IP  = my web ip

..
INPUT[2]="ACCEPT udp 1024 EXT_NET=>EXT_IP"
INPUT[3]="LOG udp 1024 EXT_NET=>EXT_IP"
..

In the fiaif output script I have:
...
iptables -N LOG_LOG
iptables -A LOG_LOG -j LOG --log-level CRIT --log-prefix [FIAIF_LOG]:
...
### INPUT[3]=LOG udp 1024 EXT_NET=>EXT_IP
iptables -t filter -A INPUT_EXT -p udp --dport 1024 -d MY_IP_replaced_here/32 -j LOG_LOG
...

When I check the syslog file, I have no input for these packets ...

Did I miss something?


Regards



