Hi there,

Was wondering if there's a way to do logging of unknown ports/traffic
while not logging those known ports?

I've tried the following and none of them work; can anyone tell me what
went wrong?

-A INPUT -i eth0 -p tcp -m tcp ! --sport 22 --tcp-flags FIN,SYN,ACK -j LOG
-A INPUT -i eth0 -p tcp -m tcp ! --sport 110 --tcp-flags FIN,SYN,ACK -j LOG
-A INPUT -i eth0 -p tcp -m tcp ! --sport 80 --tcp-flags FIN,SYN,ACK -j LOG

Or using chains:

-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,ACK -j NORMPORTS
-N NORMPORTS
-A NORMPORTS -p tcp -m tcp ! --sport 22 -j LOG
-A NORMPORTS -p tcp -m tcp ! --sport 110 -j LOG
-A NORMPORTS -p tcp -m tcp ! --sport 80 -j LOG

Also found out that multiport doesn't work with the negate "!", e.g.

-A INPUT -i eth0 -p tcp -m multiport ! --sports 22,80,110 --tcp-flags FIN,SYN,ACK -j LOG

It accepts the "!" but when you do an iptables -L or iptables-save you'll
find that the negate "!" is missing.
I kind of thought about why it doesn't work, but I've got no clue as to how to
get it working ... any ideas?

cheers,
sixx
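As an added example (not part of the original post or any reply): the posted rules are evaluated independently, so a SYN to port 22 still matches the `! --sport 80` rule and gets logged; the usual pattern is a chain that RETURNs each known port and ends in a single LOG. The script below generates such rules in iptables-save syntax for review rather than applying them; it assumes the intent is to match the destination port of incoming connection attempts on eth0, and that ports 22, 80 and 110 are the known services.

```shell
#!/bin/sh
# Known TCP service ports (assumed from the post); SYNs to any other port are logged.
KNOWN_PORTS="22 80 110"

# Print iptables rules (iptables-save syntax) that log new connection attempts
# to ports other than KNOWN_PORTS. Output is printed, not applied, so it can be
# reviewed before feeding it to iptables-restore.
gen_rules() {
    # Dedicated chain; the packet counters are zeroed by iptables-restore.
    echo ':NORMPORTS - [0:0]'
    # Only new connection attempts (SYN set, FIN/RST/ACK clear) enter the chain.
    # --tcp-flags takes two arguments: the mask to examine and the flags that must be set.
    echo '-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j NORMPORTS'
    # One RETURN per known port: matching packets leave the chain without being logged.
    for p in $KNOWN_PORTS; do
        echo "-A NORMPORTS -p tcp -m tcp --dport $p -j RETURN"
    done
    # Anything still in the chain is headed for an unknown port: log it, rate-limited
    # so a port scan cannot flood syslog.
    echo '-A NORMPORTS -m limit --limit 5/min -j LOG --log-prefix "UNKNOWN_PORT: "'
}

# Simulates the chain's decision for a destination port: returns 0 (true) when
# a SYN to that port would reach the LOG rule, 1 when a RETURN rule catches it first.
would_log() {
    for p in $KNOWN_PORTS; do
        [ "$1" = "$p" ] && return 1
    done
    return 0
}

gen_rules
```

Apply with `gen_rules | iptables-restore -n` (or paste into the filter section of an existing iptables-save dump) once the printed rules look right.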
