I am fairly new to iptables, but I have much experience with ipchains. Here's
something I used in ipchains, but I can't quite find the equivalent in iptables:
/sbin/ipchains -A input -l -j DENY
Is there a way to LOG and DROP a packet in the same rule? Right now I have
translated the above command into two iptables entries:
/sbin/iptables -A INPUT -j LOG
/sbin/iptables -A INPUT -j DROP
The thing is that with ipchains I was confident that my rules were working (it
showed the target of DENY) and adequate by inspecting the DENY entries in
/var/log/messages. However, with the LOG target in iptables, all I see is that
the packet is logged. In theory that should be sufficient, but there is no way
to know that just because I logged the packet that I remembered to DROP it!
Thanks,
Jerry G.
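
The worry raised in the post, a LOG rule with no DROP behind it, can be checked mechanically. The following is an added example, not part of the original post: it reads `iptables -S` output and reports every LOG rule that is not immediately followed by a DROP rule in the same chain with the same match. The `LOGDROP` chain name, the log prefixes and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Audit `iptables -S` output read from stdin. Each LOG rule must be followed
# directly by a DROP rule with the same chain and match. Offending LOG rules
# are printed and the exit status is 1 if any were found.
unpaired_log_rules() {
    awk '
    # Strip the target and its options, leaving "-A CHAIN <match>".
    function match_part(line) { sub(/ -j .*$/, "", line); return line }
    pending != "" {
        # The line after a LOG rule must be the DROP for the same match.
        if (!($1 == "-A" && $0 ~ / -j DROP$/ &&
              match_part($0) == match_part(pending))) {
            print pending; bad = 1
        }
        pending = ""
    }
    # "-j LOGDROP" (a jump to a user chain) is not a LOG rule.
    $1 == "-A" && / -j LOG( |$)/ { pending = $0 }
    END { if (pending != "") { print pending; bad = 1 }; exit bad + 0 }
    '
}

# Constructed sample in `iptables -S` format. The LOGDROP user-defined chain
# pairs LOG (with a prefix that marks the entry as dropped) and DROP once, so
# other rules can jump to it. The telnet LOG rule has no DROP after it.
sample_ruleset() {
    cat <<'EOF'
-P INPUT ACCEPT
-N LOGDROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j LOG --log-prefix "telnet: "
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -j LOG --log-prefix "DROPPED: "
-A LOGDROP -j DROP
EOF
}

sample_ruleset | unpaired_log_rules || echo "^ LOG rule(s) without a matching DROP"
```

On a live host the same check is `iptables -S | unpaired_log_rules`, run as root.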