Hi there,
Actually what I want is this:
if (port != 22 | port != 80 | port != 110 ...) {
log;
}
=) Hope this clears up what I meant.
cheers,
sixx
On Sat, 2002-04-13 at 16:49, David Luyer wrote:
>
> > -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,ACK -j NORMPORTS
> > -N NORMPORTS
> > -A NORMPORTS -p tcp -m tcp ! --sport 22 -j LOG
> > -A NORMPORTS -p tcp -m tcp ! --sport 110 -j LOG
> > -A NORMPORTS -p tcp -m tcp ! --sport 80 -j LOG
>
> You've just said:
>
> if (port is not 22) {
> log;
> }
>
> the rest doesn't matter... the first rule will log most of your traffic.
>
> You should do something like:
>
> -A NORMPORTS -p tcp --sport 22 -j ACCEPT
> -A NORMPORTS -p tcp --sport 110 -j ACCEPT
> -A NORMPORTS -p tcp --sport 80 -j ACCEPT
> (by this point your "normal" traffic is all accepted, and will not hit
> the next rule)
> -A NORMPORTS -p tcp -j LOG --log-prefix "TCP, not port 22/110/80"
>
> David.
>
>
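To make the rule-ordering point in David's reply concrete, here is a small first-match simulator of the NORMPORTS chain. It is an added example, not code from either poster or from the netfilter project, and it models only the iptables semantics the thread relies on: rules are evaluated top to bottom, `!` inverts a match, LOG is a non-terminating target (evaluation continues to the next rule) and ACCEPT terminates the chain. The sample source ports are constructed for the demonstration.

```python
"""Toy first-match evaluator for the two NORMPORTS chains in the thread.

Added example (not from the thread). Models: ordered evaluation,
'!' inversion, LOG as non-terminating, ACCEPT as terminating.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    sport: Optional[int]  # --sport value; None means "no port match" (any)
    negate: bool          # True models "! --sport N"
    target: str           # "LOG" or "ACCEPT"


def run_chain(rules: List[Rule], sport: int) -> Tuple[bool, str]:
    """Return (was_logged, verdict) for a TCP packet with source port `sport`."""
    logged = False
    for r in rules:
        if r.sport is None:
            matched = True                       # no --sport clause: matches all
        else:
            matched = (sport == r.sport) != r.negate   # XOR applies the '!'
        if not matched:
            continue
        if r.target == "LOG":
            logged = True                        # LOG does not stop evaluation
        elif r.target == "ACCEPT":
            return logged, "ACCEPT"              # ACCEPT ends the chain
    return logged, "RETURN"                      # fell off the user chain


# sixx's original chain: "! --sport N -j LOG" for each normal port
ORIGINAL = [
    Rule(22, True, "LOG"),
    Rule(110, True, "LOG"),
    Rule(80, True, "LOG"),
]

# David's suggested ordering: ACCEPT the normal ports, then LOG whatever is left
SUGGESTED = [
    Rule(22, False, "ACCEPT"),
    Rule(110, False, "ACCEPT"),
    Rule(80, False, "ACCEPT"),
    Rule(None, True, "LOG"),
]


def logged_ports(rules: List[Rule], ports: List[int]) -> List[int]:
    """Source ports from `ports` that would produce a LOG entry under `rules`."""
    return sorted(p for p in ports if run_chain(rules, p)[0])


if __name__ == "__main__":
    sample = [22, 80, 110, 443, 25]   # constructed sample source ports
    print("original chain logs:", logged_ports(ORIGINAL, sample))
    print("suggested chain logs:", logged_ports(SUGGESTED, sample))
```

Running it shows why the original chain is noisy: a packet from port 22 fails the first rule's `! --sport 22` test but matches the second rule's `! --sport 110`, so every port ends up logged. With the ACCEPT rules first, only ports outside the 22/110/80 set reach the final LOG rule.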