> -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,ACK -j NORMPORTS
> -N NORMPORTS
> -A NORMPORTS -p tcp -m tcp ! --sport 22 -j LOG
> -A NORMPORTS -p tcp -m tcp ! --sport 110 -j LOG
> -A NORMPORTS -p tcp -m tcp ! --sport 80 -j LOG
You've just said:
if (port is not 22) {
    log;
}
The rest doesn't matter... the first rule will log most of your traffic.
You should do something like:
-A NORMPORTS -p tcp --sport 22 -j ACCEPT
-A NORMPORTS -p tcp --sport 110 -j ACCEPT
-A NORMPORTS -p tcp --sport 80 -j ACCEPT
(by this point your "normal" traffic is all accepted, and will not hit
the next rule)
-A NORMPORTS -p tcp -j LOG --log-prefix "TCP, not port 22/110/80"
David.
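An added illustration, not part of David's reply or the original thread: a small Python simulation of how iptables walks the NORMPORTS chain, comparing the quoted negated-LOG rules with the accept-then-log ordering above. It assumes iptables semantics (LOG is non-terminating, so the packet continues to the next rule; ACCEPT ends traversal) and matches on source port only; the packet list is constructed sample data.

```python
# Added example (not from the original thread): simulate iptables chain
# traversal to show why three "! --sport N -j LOG" rules log almost every
# packet, while accepting the known ports first and logging the remainder
# logs only the unexpected traffic.
# Assumption: LOG is non-terminating (the packet continues down the chain),
# ACCEPT is terminating; only the TCP source port is matched.

# Each rule is (match_fn, target), mirroring the rules in the mail.
ORIGINAL_CHAIN = [
    (lambda sport: sport != 22, "LOG"),    # ! --sport 22  -j LOG
    (lambda sport: sport != 110, "LOG"),   # ! --sport 110 -j LOG
    (lambda sport: sport != 80, "LOG"),    # ! --sport 80  -j LOG
]

CORRECTED_CHAIN = [
    (lambda sport: sport == 22, "ACCEPT"),   # --sport 22  -j ACCEPT
    (lambda sport: sport == 110, "ACCEPT"),  # --sport 110 -j ACCEPT
    (lambda sport: sport == 80, "ACCEPT"),   # --sport 80  -j ACCEPT
    (lambda sport: True, "LOG"),             # -p tcp -j LOG (everything else)
]


def walk_chain(chain, sport):
    """Walk one packet through a user chain.

    Returns (log_hits, verdict): how many LOG rules fired and whether the
    chain ACCEPTed the packet or fell off the end (RETURN to INPUT).
    """
    log_hits = 0
    for match, target in chain:
        if not match(sport):
            continue
        if target == "LOG":
            log_hits += 1          # LOG does not stop rule evaluation
        elif target == "ACCEPT":
            return log_hits, "ACCEPT"
    return log_hits, "RETURN"


def total_log_lines(chain, sports):
    """Sum the LOG hits for a batch of packets given by source port."""
    return sum(walk_chain(chain, p)[0] for p in sports)


if __name__ == "__main__":
    # Constructed sample: replies from the three "normal" ports plus two others.
    sample = [22, 80, 110, 443, 8080]
    print("original :", total_log_lines(ORIGINAL_CHAIN, sample), "log lines")
    print("corrected:", total_log_lines(CORRECTED_CHAIN, sample), "log lines")
```

With the sample batch the original chain produces 12 log lines (even port 22 traffic is logged twice, by the port 110 and port 80 rules), the corrected chain 2.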