iptables: are DROP and LOG order sensitive
This is a discussion on iptables: are DROP and LOG order sensitive within the Linux Security forums, part of the System Security and Security Related category; Hi All, Are these two comand order sensitive? iptables -A dsl-in -j DROP iptables -A dsl-in -j LOG --...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-03-2003
|
|||
|
|||
iptables: are DROP and LOG order sensitive
Hi All,
Are these two comand order sensitive? iptables -A dsl-in -j DROP iptables -A dsl-in -j LOG --log-level debug --log-prefix "yada ... " Many thanks, --Tony aewell@gbis.com -- ------------------------- I Fish. Therefore, I am. ------------------------- 
|
|
07-04-2003
|
|||
|
|||
|
Re: iptables: are DROP and LOG order sensitive
On Thu, 03 Jul 2003 15:46:27 -0700, Anthony Ewell <aewell@gbis.com> wrote:
> > Are these two comand order sensitive? > > iptables -A dsl-in -j DROP > iptables -A dsl-in -j LOG --log-level debug --log-prefix "yada ... " DROP terminates the chain. So you need to flip-flop these, assuming you are trying to log the DROPs. -- Hal Burgiss
|
|
07-04-2003
|
|||
|
|||
|
Re: iptables: are DROP and LOG order sensitive
Hi Tony -
On Thu, 03 Jul 2003 15:46:27 -0700, Anthony Ewell <aewell@gbis.com> wrote: >iptables -A dsl-in -j DROP >iptables -A dsl-in -j LOG --log-level debug --log-prefix "yada ... " Yes. DROP terminates, LOG continues. So in this order no logging will occur. You must LOG *before* you DROP (or ACCEPT). Ken http://www.ke9nr.net/
|
|
07-04-2003
|
|||
|
|||
|
Re: iptables: are DROP and LOG order sensitive
Anthony Ewell wrote:
> Hi All, > > Are these two comand order sensitive? > > iptables -A dsl-in -j DROP > iptables -A dsl-in -j LOG --log-level debug --log-prefix "yada ... " Once you DROP a packet, it's dead and gone. It'll never make it to the LOG rule.
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 03:20 PM.
