Hi there,
Just a repost and reword: I'm still wondering if there's a way to log
ALL ports/traffic and NOT log those known ports?
if (port != 22 && port != 80 && port != 110 && ...) {
    log;
}
Below is what I tried in order to implement the above, but of course they
don't work. Could anyone help me out on this?
-A INPUT -i eth0 -p tcp -m tcp ! --sport 22 --tcp-flags FIN,SYN,ACK -j LOG
-A INPUT -i eth0 -p tcp -m tcp ! --sport 110 --tcp-flags FIN,SYN,ACK -j LOG
-A INPUT -i eth0 -p tcp -m tcp ! --sport 80 --tcp-flags FIN,SYN,ACK -j LOG
...
OR
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,ACK -j NORMPORTS
-N NORMPORTS
-A NORMPORTS -p tcp -m tcp ! --sport 22 -j LOG
-A NORMPORTS -p tcp -m tcp ! --sport 110 -j LOG
-A NORMPORTS -p tcp -m tcp ! --sport 80 -j LOG
...
OR
-A INPUT -i eth0 -p tcp -m multiport ! --sports 22,80,110... --tcp-flags FIN,SYN,ACK -j LOG
I know why it doesn't work, but I've got no clue as to how to get it
working ... any ideas?
(multiport CANNOT work with "!". iptables --check isn't working yet? on
1.2.6a)
cheers,
sixx
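A rule set that does what the pseudocode asks, added here as an example (it is not the poster's rules and not from the list): the known ports RETURN out of a dedicated chain and whatever is left falls through to LOG, so no "!" or multiport negation is needed at all. It assumes eth0, that the local destination port is what identifies a known service (the posted rules test --sport), and iptables-restore(8) syntax for the filter table.

```shell
#!/bin/sh
# Added example: log every inbound TCP connection attempt (SYN only) EXCEPT
# those to a list of known ports. Negating each port in its own rule cannot
# work: a single-port test is "not 22" OR "not 80", which every packet passes.
# Instead, known ports leave the chain with RETURN and the remainder is logged.
# Assumptions: interface eth0, destination port identifies the service,
# output is an iptables-restore fragment for the filter table.

# usage: build_log_rules PORT [PORT...]  -> prints the iptables-restore fragment
build_log_rules() {
    printf '*filter\n'
    printf ':NORMPORTS - [0:0]\n'
    # Only new connection attempts: SYN set, FIN/RST/ACK clear
    # (--tcp-flags takes a mask and a comparison list).
    printf -- '-A INPUT -i eth0 -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j NORMPORTS\n'
    for port in "$@"; do
        # Known service: leave the chain without logging.
        printf -- '-A NORMPORTS -p tcp --dport %s -j RETURN\n' "$port"
    done
    # Anything that did not RETURN above is an unexpected port: log it,
    # rate-limited so a port scan cannot flood the kernel log.
    printf -- '-A NORMPORTS -m limit --limit 5/min -j LOG --log-prefix "UNKNOWN-PORT: "\n'
    printf 'COMMIT\n'
}

# usage: would_log PORT KNOWN [KNOWN...]
# Mirrors the chain's walk: exit 0 if a SYN to PORT reaches the LOG rule.
would_log() {
    target=$1
    shift
    for known in "$@"; do
        if [ "$target" -eq "$known" ]; then
            return 1    # matched a RETURN rule, never reaches LOG
        fi
    done
    return 0            # fell through to the LOG rule
}

# Stand-alone use: print the rules, then pipe them into iptables-restore.
build_log_rules 22 80 110
```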