Mike Wohlgemuth wrote:
Here's what I do:
-N LOGDROP -A LOGDROP -j LOG --log-prefix "$IPTABLES drop:" -A LOGDROP -j DROP
Then you can add lines for the things you want logged like this:
-A INPUT -s www.xxx.yyy.zzz/aa -j LOGDROP
Now that works great (I removed the $ from it.) The only, small, issue is that I'd like some kind of identifier when it logs, instead of just saying 'IPTABLES drop:'. Is there a way of saying something like, 'all these IP ranges belong to .ru domains' and then when it logs the packet, to have the prefix say 'IPTABLES drop .ru: ' And do the same for other ranges that are defined (at the moment they have .ru, .hk, .cn, etc., etc. blocked.)
Or do I have to create individual chains for each one, and change the prefix on each?