Hi all! I'm fairly new to Netfilter + iptables. I can't get iptables to work properly with Kirk Bauer's Logwatch program. For those of you not familiar with Logwatch, it converts the iptables log:

Mar 21 09:33:06 habitat kernel: IN=ppp0 OUT= MAC= SRC=165.247.46.92 DST=66.32.37.133 LEN=78 TOS=0x00 PREC=0x00 TTL=117 ID=7826 PROTO=UDP SPT=1527 DPT=137 LEN=58

into something like this:

################## LogWatch 2.1.1 Begin #####################
---------------------- Kernel Begin -------------------------
Denied packets from a087141.adsl.hansenet.de (213.191.87.141).
Port ftp (tcp,ppp0,input): 2 packet(s).
Total of 2 packet(s).
---------------------- Kernel End -------------------------

Logwatch usually sends a complete log every 12 hours with all kinds of unusual activities that your system may encounter. Ever since I switched from ipchains to iptables, Logwatch does not process the iptables log correctly. The result is this:

2 Time(s): EXT3-fs: recovery complete.
2 Time(s): EXT3-fs: write access will be enabled during recovery.
3 Time(s): HDLC line discipline: version $Revision: 3.3 $, maxframe=4096
1 Time(s): IN=ppp0 OUT= MAC= SRC=12.228.81.68 DST=199.174.179.55 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=11529 DF PROTO=TCP SPT=21239 DPT=1214 WINDOW=16384 RES=0x00 SYN URGP=0
1 Time(s): IN=ppp0 OUT= MAC= SRC=12.228.81.68 DST=199.174.179.55 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=11545 DF PROTO=TCP SPT=21239 DPT=1214 WINDOW=16384 RES=0x00 SYN URGP=0

I don't know why Logwatch does not work correctly with iptables. I am not using any extended log options with iptables. Just a simple:

$IPT -N firewall
$IPT -A firewall -j LOG
$IPT -A firewall -j DROP

I would really appreciate some feedback.

Al
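The LOG target writes every field as KEY=VALUE, which is what a report tool has to key on. As an added example (not Logwatch code and not from the post's author), here is a small parser that turns lines of the shape quoted above into the per-source, per-port tally that the Kernel section is meant to show; SAMPLE_LOG is constructed from the post's own lines, with the timestamps of the two TCP entries invented.

```python
import re
from collections import Counter, defaultdict

# Every field is KEY=VALUE (OUT= and MAC= may be empty); bare tokens such as DF or SYN are flags.
_KV = re.compile(r"(\w+)=(\S*)")

def parse_log_line(line):
    """Return the packet's fields as a dict, or None for lines that are not iptables LOG output."""
    i = line.find("IN=")
    if i < 0 or "PROTO=" not in line:
        return None
    body = line[i:]
    fields = {}
    for key, val in _KV.findall(body):
        fields.setdefault(key, val)   # LEN appears twice; keep the first (IP total length)
    fields["_flags"] = {tok for tok in body.split() if "=" not in tok}
    return fields

def summarise(lines):
    """Count packets per SRC, then per (destination port, protocol, inbound interface)."""
    report = defaultdict(Counter)
    for line in lines:
        pkt = parse_log_line(line)
        if pkt is not None:
            report[pkt["SRC"]][(pkt.get("DPT", "-"), pkt["PROTO"].lower(), pkt["IN"])] += 1
    return report

def format_report(report):
    """Render the tally in the style of Logwatch's Kernel section (no reverse DNS here)."""
    out = []
    for src in sorted(report):
        out.append(f"Denied packets from {src}.")
        for (dpt, proto, iface), n in sorted(report[src].items()):
            out.append(f"   Port {dpt} ({proto},{iface},input): {n} packet(s).")
        out.append(f"   Total of {sum(report[src].values())} packet(s).")
    return "\n".join(out)

SAMPLE_LOG = [  # constructed from the lines in the post; a non-firewall kernel line is mixed in
    "Mar 21 09:33:06 habitat kernel: IN=ppp0 OUT= MAC= SRC=165.247.46.92 DST=66.32.37.133 "
    "LEN=78 TOS=0x00 PREC=0x00 TTL=117 ID=7826 PROTO=UDP SPT=1527 DPT=137 LEN=58",
    "Mar 21 09:40:11 habitat kernel: IN=ppp0 OUT= MAC= SRC=12.228.81.68 DST=199.174.179.55 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=11529 DF PROTO=TCP SPT=21239 DPT=1214 WINDOW=16384 RES=0x00 SYN URGP=0",
    "Mar 21 09:40:14 habitat kernel: IN=ppp0 OUT= MAC= SRC=12.228.81.68 DST=199.174.179.55 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=11545 DF PROTO=TCP SPT=21239 DPT=1214 WINDOW=16384 RES=0x00 SYN URGP=0",
    "Mar 21 09:41:00 habitat kernel: EXT3-fs: recovery complete.",
]

if __name__ == "__main__":
    print(format_report(summarise(SAMPLE_LOG)))
```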
