iptables log drop question

  #1 (permalink)  
Old 11-24-2004
paul Morriss
 

Hi all
Why does this not work? The exact issue is that my log file keeps
getting filled with junk. I have posted questions before and have now tried
them and am still just as confused. I expected the log file to only log the
rule 5 messages then stop:

# Single IP address
echo "[INFO] Blocking single IP address : $ip_address because $reason"
# Log matching packets, rate-limited by the limit match
iptables -A DENY_IP_IN -s "$ip_address" -m limit --limit "$LOG_LIMIT" \
    --limit-burst "$LOG_LIMIT_BURST" -j LOG --log-level "$LOG_LEVEL" \
    --log-prefix "IP IN: $reason "
# Drop everything from the address, logged or not
iptables -A DENY_IP_IN -s "$ip_address" -j DROP

My log file is getting spammed with
Nov 25 21:25:10 testbox kernel: IP IN: Single IP Address^M IN=eth0 OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.168.xxx.xxx
DST=192.168.xxx.xx LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=53 DF PROTO=ICMP
TYPE=8 CODE=0 ID=18232 SEQ=54

Any help would really be appreciated.

Paul
  #2 (permalink)  
Old 11-25-2004
Robert Spangler
 

On Wed, 24 Nov 2004 20:34:54 +0000, paul Morriss wrote:

> Why does this not work? The exact issue is that my log file keeps
> getting filled with junk. I have posted questions before and have now tried
> them and am still just as confused. I expected the log file to only log the
> rule 5 messages then stop:


I believe you are confused about what the functions of limit and limit-burst are.

What are the values of $LOG_LIMIT and $LOG_LIMIT_BURST?

--limit = amount of traffic you will allow per <second,minute,hour,day>.
--limit-burst = the amount you will allow over the limit per
<second,minute,hour,day>.

Anything over these settings will be logged.

Have a look here:
http://iptables-tutorial.frozentux.n...BLE.LIMITMATCH


Reply With Quote
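
How the limit match on the LOG rule in this thread behaves under a steady stream of pings, as an added example that is not part of the thread and not kernel code: a token-bucket model in which the rule matches, and therefore logs, only while tokens remain. The values 3/minute and 5 are assumed stand-ins for $LOG_LIMIT and $LOG_LIMIT_BURST, which the thread never states, and the packet timings are constructed.

```python
from fractions import Fraction

UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}

def parse_rate(spec):
    """Turn an iptables-style rate such as '3/minute' into tokens per second."""
    count, _, unit = spec.partition("/")
    return Fraction(int(count), UNIT_SECONDS[unit])

def limit_matches(limit, burst, arrivals):
    """For each packet arrival time (whole seconds, ascending), report whether
    a rule carrying '-m limit --limit <limit> --limit-burst <burst>' matches.

    Model: the bucket starts full with `burst` tokens, regains tokens at the
    --limit rate up to `burst`, and every match spends one token. A packet
    that finds less than one token does not match, so the LOG target is skipped
    and the packet falls through to the next rule (here, the DROP).
    """
    rate = parse_rate(limit)
    tokens = Fraction(burst)
    last = None
    matched = []
    for t in arrivals:
        if last is not None:
            tokens = min(Fraction(burst), tokens + (t - last) * rate)
        last = t
        if tokens >= 1:
            tokens -= 1
            matched.append(True)
        else:
            matched.append(False)
    return matched

# Assumed stand-ins for $LOG_LIMIT and $LOG_LIMIT_BURST (not given in the thread).
LOG_LIMIT, LOG_LIMIT_BURST = "3/minute", 5

# Constructed traffic: one ping per second for ten minutes from the blocked host.
flood = list(range(600))
# Constructed traffic: the same host sending one packet every 30 seconds.
sparse = list(range(0, 600, 30))

if __name__ == "__main__":
    logged = limit_matches(LOG_LIMIT, LOG_LIMIT_BURST, flood)
    times = [t for t, hit in zip(flood, logged) if hit]
    print(f"flood: {sum(logged)} of {len(flood)} packets logged; first at {times[:8]}")
    quiet = limit_matches(LOG_LIMIT, LOG_LIMIT_BURST, sparse)
    print(f"sparse: {sum(quiet)} of {len(sparse)} packets logged")
```

Under the flood, the log receives the five-entry burst and then one entry every 20 seconds for as long as the traffic continues, while every packet is still dropped by the rule that follows. With the sparse traffic the bucket refills between packets, so each one is logged.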