To the rest of the posts, I understand the logical && issue as you've
said, I know my logical issue sucks, but the issue would be how could I
implement a logical &&?

To my knowledge, as the rules traverse you don't have a way to "break"
out of the chain following it. Like my config, which is *WRONG* as
you all pointed out: once it misses 1 rule, it would match the other.

> > > -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,ACK -j NORMPORTS
> > > -N NORMPORTS
> > > -A NORMPORTS -p tcp -m tcp ! --sport 22 -j LOG
> > > -A NORMPORTS -p tcp -m tcp ! --sport 110 -j LOG
> > > -A NORMPORTS -p tcp -m tcp ! --sport 80 -j LOG

Instead, if I used David's advice of the following, wouldn't I be back to
the start? I understand David's logical structure and his advice, but
this still doesn't help me log fewer entries. Instead the below appends
a "TCP, not port 22/110/90" message in the logs; sure enough I could
just grep -v it, but isn't there a way out of this mess?
Like how do I implement a logical && instead?

> > -A NORMPORTS -p tcp --sport 22 -j ACCEPT
> > -A NORMPORTS -p tcp --sport 110 -j ACCEPT
> > -A NORMPORTS -p tcp --sport 80 -j ACCEPT
> > -A NORMPORTS -p tcp -j LOG --log-prefix "TCP, not port 22/110/80"

Sorry to the rest as I'm not subscribed to this ML and I was not able to
see the other replies, only saw one from David and another from Yan =)
Thanks for correcting whatever errors I've made.

best regards,
sixx

On Sat, 2002-04-13 at 23:54, Yan Seiner wrote:
> sixx wrote:
> > 
> > Hi there,
> > 
> > Just a repost and reword, I'm still wondering if there's a way to log
> > ALL ports/traffic and NOT log those known ports?
> > 
> > if (port!=22 || port!=80 || port!=110 || ...) {
> >         log;
> > }
> > 
> 
> That will log EVERYTHING.  What you want is:
> 
> if !(port=22 || port=80 || port=110 || ...) {
>       log;
>       }
> 
> Or, conversely,
> 
> if (port!=22 && port!=80 && port!=110 && ...) {
>       log;
>       }
> 
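Whether David's chain really gives the && behaviour asked for above can be checked by simulating how iptables walks a user chain. The following is an added Python example, not code from this thread or from iptables itself: rules and packets are constructed inline, and the only semantics assumed are that LOG is a non-terminating target (the next rule is still evaluated) while ACCEPT ends traversal for the packet.

```python
# Added example: minimal first-match simulation of an iptables user chain,
# used to compare the two NORMPORTS chains from the thread. Not iptables code.

TERMINATING = {"ACCEPT", "DROP", "RETURN"}   # LOG is deliberately absent: it does not terminate


def run_chain(rules, sport):
    """Walk a chain top to bottom for a TCP packet with source port `sport`.

    Each rule is (match_fn, target). Returns (verdict, number_of_log_entries).
    Falling off the end of a user chain returns to the calling chain.
    """
    logs = 0
    for match, target in rules:
        if not match(sport):
            continue                  # rule does not match, try the next one
        if target == "LOG":
            logs += 1                 # LOG writes an entry and traversal continues
            continue
        if target in TERMINATING:
            return target, logs       # ACCEPT/DROP/RETURN end the walk
    return "RETURN", logs


# sixx's original chain: three independent "! --sport N -j LOG" rules.
# A packet has exactly one source port, so it fails at least two of the three
# negated tests and is logged two or three times: the rules behave as an OR.
ORIGINAL = [(lambda p, n=n: p != n, "LOG") for n in (22, 110, 80)]

# David's chain: ACCEPT the known ports, LOG whatever is left.
# ACCEPT ends traversal, so the final LOG is reached only when the port is
# not 22 AND not 110 AND not 80: the && the thread is asking for.
DAVID = [(lambda p, n=n: p == n, "ACCEPT") for n in (22, 110, 80)] + [
    (lambda p: True, "LOG"),
]


def compare(sport):
    """Run one constructed packet through both chains."""
    return {"original": run_chain(ORIGINAL, sport),
            "david": run_chain(DAVID, sport)}


if __name__ == "__main__":
    for sport in (22, 80, 110, 443, 31337):   # constructed sample source ports
        print(sport, compare(sport))
```

Note that ACCEPT in a user chain accepts the packet outright rather than handing it back to INPUT; if the intent is only to suppress the log entry and let later INPUT rules decide, the known-port rules would use RETURN instead of ACCEPT.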