[Fedora] Re: Logging denied packets (iptables)
Ashley M. Kirchner
ashley at pcraft.com
Wed Oct 17 19:38:29 UTC 2007
Mike Wohlgemuth wrote:
> Here's what I do:
>
> -N LOGDROP
> -A LOGDROP -j LOG --log-prefix "$IPTABLES drop:"
> -A LOGDROP -j DROP
>
> Then you can add lines for the things you want logged like this:
>
> -A INPUT -s www.xxx.yyy.zzz/aa -j LOGDROP

Now that works great (I removed the $ from it.) The only, small,
issue is that I'd like some kind of identifier when it logs, instead of
just saying 'IPTABLES drop:'. Is there a way of saying something like,
'all these IP ranges belong to .ru domains' and then when it logs the
packet, to have the prefix say 'IPTABLES drop .ru: '? And do the same
for other ranges that are defined (at the moment they have .ru, .hk,
.cn, etc., etc. blocked.)

Or do I have to create individual chains for each one, and change
the prefix on each?
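
One way to get a per-range prefix is a separate log-and-drop chain per label, generated rather than typed by hand. The script below is an added example, not part of the original message or thread; it prints rule lines in the same form as the quoted ones. The function name, the input format and the address ranges (documentation prefixes with placeholder labels) are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Reads "<label> <cidr>" lines on stdin and prints rule lines
# that give every label its own log-and-drop chain and log prefix.
# Blank lines and lines starting with '#' are skipped.
gen_logdrop_rules() {
    seen=" "
    while read -r label cidr rest || [ -n "$label" ]; do
        case "$label" in ''|'#'*) continue ;; esac
        # The label ends up in a chain name and a quoted prefix: keep it to
        # [A-Za-z0-9_] so it cannot smuggle in extra options or quotes.
        case "$label" in
            *[!A-Za-z0-9_]*) echo "bad label: $label" >&2; return 1 ;;
        esac
        case "$cidr" in
            ''|*[!0-9./]*) echo "bad range for $label: $cidr" >&2; return 1 ;;
        esac
        chain="LOGDROP_$label"
        prefix="IPTABLES drop .$label: "
        # --log-prefix accepts at most 29 characters.
        if [ "${#prefix}" -gt 29 ]; then
            echo "prefix too long for label: $label" >&2; return 1
        fi
        # Define the chain once, before the first rule that jumps to it.
        case "$seen" in
            *" $label "*) ;;
            *)  seen="$seen$label "
                printf '%s\n' "-N $chain" \
                    "-A $chain -j LOG --log-prefix \"$prefix\"" \
                    "-A $chain -j DROP" ;;
        esac
        printf '%s\n' "-A INPUT -s $cidr -j $chain"
    done
}

# Constructed sample input: documentation address ranges, placeholder labels.
gen_logdrop_rules <<'EOF'
# label  range
ru 192.0.2.0/24
ru 198.51.100.0/24
hk 203.0.113.0/24
EOF
```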