On Sunday 14 April 2002 6:51 pm, Charlie Grosvenor wrote:
> Hi
>
> I would like to log all packets coming on ppp0 that are not
> destined to port 80,20,21,25,53. How can I do this using iptables, the
> --dport only takes a port range, is there anything else I can use?
Create yourself a special table:

    iptables -N PORTLOG

Then, if you want to log stuff coming in to the machine itself:

    iptables -A INPUT -i ppp0 -j PORTLOG

or, if you're interested in stuff that's being forwarded to somewhere else:

    iptables -A FORWARD -i ppp0 -j PORTLOG

(You can use both the above if you want to.)

Then tell the new table to ignore the packets you're not interested in logging:

    iptables -A PORTLOG -p tcp --dport 20 -j RETURN
    iptables -A PORTLOG -p tcp --dport 21 -j RETURN
    iptables -A PORTLOG -p tcp --dport 25 -j RETURN
    iptables -A PORTLOG -p tcp --dport 53 -j RETURN
    iptables -A PORTLOG -p tcp --dport 80 -j RETURN

Finally tell it to log whatever fell through to the bottom of that list:

    iptables -A PORTLOG -p tcp -j LOG --log-prefix "TCP packet not port 20,21,25,53,80"

and then carry on in the INPUT or FORWARDING chain with any other rules you might want:

    iptables -A PORTLOG -j RETURN

Antony.
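The same "exclude the known ports, log the rest" chain, written as an added example that is not from the thread above. It collapses the per-port RETURN rules with `-m multiport`, jumps only on new connections (`-m conntrack --ctstate NEW`) so established flows are not logged on every packet, rate-limits the LOG target so a port scan cannot flood the kernel log, also excludes UDP 53 (DNS is mostly UDP), and keeps the log prefix under the 29-character limit the LOG target enforces. The chain name PORTLOG and interface ppp0 are taken from the thread; `IPT`, `IFACE`, `OK_PORTS`, `PREFIX`, `portlog_rules` and `prefix_ok` are names chosen here. `IPT` defaults to `echo iptables`, so running the script prints the rules instead of applying them; run it as root with `IPT=iptables` to apply.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: IPT="echo iptables"
# prints the rules. Set IPT=iptables and run as root to actually install them.
IPT="${IPT:-echo iptables}"
IFACE="${IFACE:-ppp0}"
OK_PORTS="${OK_PORTS:-20,21,25,53,80}"   # -m multiport accepts up to 15 ports
PREFIX="${PREFIX:-PORTLOG: }"            # LOG target: prefix must be <= 29 chars

# The LOG target rejects prefixes longer than 29 characters; check before use.
prefix_ok() {
    [ "${#1}" -le 29 ]
}

# Emit (or apply) the rule set. Order matters inside PORTLOG: RETURN rules
# first, LOG last. A user chain returns to the caller implicitly when a
# packet reaches its end, so no trailing "-j RETURN" is needed.
portlog_rules() {
    prefix_ok "$PREFIX" || { echo "log prefix longer than 29 chars" >&2; return 1; }

    $IPT -N PORTLOG

    # Only the first packet of each flow is interesting; established traffic
    # would otherwise be logged packet by packet.
    $IPT -A INPUT   -i "$IFACE" -m conntrack --ctstate NEW -j PORTLOG
    $IPT -A FORWARD -i "$IFACE" -m conntrack --ctstate NEW -j PORTLOG

    # Known-good destination ports leave the chain without being logged.
    $IPT -A PORTLOG -p tcp -m multiport --dports "$OK_PORTS" -j RETURN
    $IPT -A PORTLOG -p udp --dport 53 -j RETURN

    # Everything else (any protocol) is logged, rate-limited so a scan
    # cannot fill the kernel log buffer.
    $IPT -A PORTLOG -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "$PREFIX" --log-level info
}

# When executed directly, print or apply the rules.
case "$0" in
    *portlog*|*.sh) portlog_rules ;;
esac
```

Running it unprivileged prints six `iptables` commands; the LOG line then shows up in `dmesg` or syslog prefixed with `PORTLOG:` followed by IN=, SRC=, DST=, PROTO= and DPT= fields, which is what makes the prefix worth keeping short and distinctive. If the kernel is too old for `-m conntrack`, `-m state --state NEW` is the equivalent older match.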
