On Saturday 13 April 2002 12:47 pm, sixx wrote:
> Hi there,
>
> Just a repost and reword, I'm still wondering if there's a way to log
> ALL ports/traffic and NOT log those known ports?
>
> if (port!=22 || port!=80 || port!=110 || ...) {
> log;
> }
>
Yes - do this:
iptables -A INPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p tcp --sport 110 -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp -j LOG --log-prefix "TCP, not port 22/110/80"
I repeat that the expression you have written above -
if (port!=22 || port!=80 || port!=110 || ...) {
log;
}
means "if the port is not 22, or the port is not 80, or the port is not 110,
then log it"
Think about this for a moment. What happens if the port is 80 ?
It is not 22, therefore it gets logged.
What happens if the port is 22 ?
It is not 80, therefore it gets logged......
The expression you really want is:
if (port!=22 && port!=80 && port!=110 && ...) {
log;
}
which is the same as:
if (port==22 || port==80 || port==110 || ..... )
{
don't log - just accept it;
}
else
{
log;
}
Try the instructions I've put at the top of this email and tell me what goes
wrong.
Antony.
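The AND-versus-OR point and the accept-then-log rule ordering from this thread, as an added shell example (not from the original messages). KNOWN_PORTS, the function names, and the use of --dport (assuming the host's own services listen on those ports) are assumptions; the script prints the iptables commands rather than applying them.

```shell
#!/bin/sh
# Added example: shows why the OR-of-not-equal test logs everything,
# and generates the equivalent "ACCEPT known ports, then LOG the rest" rules.

# Constructed list of ports that should NOT be logged (from the thread).
KNOWN_PORTS="22 80 110"

# The predicate from the question: (port!=22 || port!=80 || port!=110).
# Returns 0 (true = "log it") as soon as ANY known port differs, so every
# port, including 22/80/110, ends up logged.
should_log_wrong() {
    port=$1
    for p in $KNOWN_PORTS; do
        [ "$port" -ne "$p" ] && return 0
    done
    return 1
}

# The intended predicate: (port!=22 && port!=80 && port!=110).
# Returns 1 (false = "don't log") if the port matches any known port,
# otherwise 0 (true = "log it").
should_log_right() {
    port=$1
    for p in $KNOWN_PORTS; do
        [ "$port" -eq "$p" ] && return 1
    done
    return 0
}

# iptables evaluates rules in order and stops at the first match, so one
# ACCEPT per known port followed by a catch-all LOG implements
# should_log_right. --dport is an assumption (local services on these ports).
gen_rules() {
    for p in $KNOWN_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    label=$(echo "$KNOWN_PORTS" | tr ' ' '/')
    echo "iptables -A INPUT -p tcp -j LOG --log-prefix \"TCP, not port $label\""
}

# Compare both predicates on a few ports, then print the rule set.
for port in 22 80 110 443; do
    should_log_wrong "$port" && w=log || w=skip
    should_log_right "$port" && r=log || r=skip
    echo "port $port: OR-version=$w AND-version=$r"
done
gen_rules
```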