Ashley M. Kirchner wrote:
One of our offices has several network ranges blocked in iptables (essentially '-A INPUT -s www.xxx.yyy.zzz/aa -j DROP'). What I'd like to do is create a log entry each time a packet is dropped, IF it matches any of those networks. I think I need to assign all of those networks to a "group" and then log dropped packets from that group only. And while I realize this might have other ramifications, such as logs growing exponentially, for now we're taking small steps. Later on I can then look for things like logging the same IP only once...
So how do I tell iptables to create a group or name, or whatever it's
I wish people would learn to google "how to" what I want to know, so in this case http://www.google.com/search?q=%22how+to%22+iptables&start=0&start=0... or http://www.google.com/search?num=100&hl=en&c2coff=1&safe=active&...
I'm surprised netfilter doesn't come close to the top:

07:42 [summer@numbat ~]$ rpm -qif /sbin/iptables
Name        : iptables                     Relocations: /usr
Version     : 1.3.5                             Vendor: Scientific Linux
Release     : 1.2.1                         Build Date: Sun Mar 25 02:55:15 2007
Install Date: Fri Jun 15 10:36:39 2007      Build Host: norob.fnal.gov
Group       : System Environment/Base       Source RPM: iptables-1.3.5-1.2.1.src.rpm
Size        : 559481                           License: GPL
Signature   : DSA/SHA1, Sat Apr 14 06:14:35 2007, Key ID da6ad00882fd17b2
URL         : http://www.netfilter.org/

which also gives a hint about useful reading material.
Cheers John
Please do not reply off-list
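The "group" Ashley asks about is, in iptables terms, a user-defined chain: every blocked network jumps to one chain that logs and then drops, so the LOG rule is written once and the log line tells you which packets were dropped for that reason. The script below is an added example, not code from either poster; the chain name BLOCKED_NETS and the sample networks (RFC 5737 documentation ranges) are constructed, and by default it only prints the iptables commands (set IPT=iptables to apply them).

```shell
#!/bin/sh
# Group blocked networks into one user-defined chain that logs, then drops.
# Dry run by default: IPT="echo iptables" prints the rules instead of loading them.
IPT="${IPT:-echo iptables}"
CHAIN="BLOCKED_NETS"

# Constructed sample networks (documentation ranges, not real blocks).
BLOCKED="192.0.2.0/24 198.51.100.0/24 203.0.113.0/24"

# Minimal sanity check for a.b.c.d/n with each octet <= 255 and n in 0..32,
# so a typo in the list cannot silently become a rule that matches nothing.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*|"") return 1 ;;
    esac
    ip="${1%/*}"; len="${1#*/}"
    [ "$ip" = "$1" ] && return 1                        # no prefix length
    [ "$len" -ge 0 ] 2>/dev/null && [ "$len" -le 32 ] || return 1
    set -- $(echo "$ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

# Emit the rule set: create the chain, one jump per network, LOG then DROP.
build_rules() {
    $IPT -N "$CHAIN"
    for net in $BLOCKED; do
        valid_cidr "$net" || { echo "skipping bad CIDR: $net" >&2; continue; }
        $IPT -A INPUT -s "$net" -j "$CHAIN"
    done
    # Rate-limit the LOG rule so a flood from a blocked range cannot fill the
    # disk: at most 5 log lines per minute after an initial burst of 10.
    # (Per-source limiting, the "same IP only once" idea, would use
    # -m hashlimit --hashlimit-mode srcip instead of -m limit.)
    $IPT -A "$CHAIN" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "BLOCKED_NET: " --log-level 4
    $IPT -A "$CHAIN" -j DROP
}

build_rules
```

The LOG target writes to the kernel log (dmesg / syslog), so the prefix is what you grep for afterwards.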