Make these changes to your firewall script:

    if [ -n "`$IPTABLES -L | $GREP log-and-forget`" ]; then
        $IPTABLES -F log-and-forget
    fi
    ....
    $IPTABLES -N log-and-forget
    $IPTABLES -A log-and-forget -j LOG --log-level warning --log-prefix "[WARNING] "
    $IPTABLES -A log-and-forget -j RETURN

    # The next rules should be on the top of INPUT, FORWARD and OUTPUT chains
    $IPTABLES -A INPUT -p TCP --dport 22 -m state --state NEW -j log-and-forget
    $IPTABLES -A FORWARD -p TCP --dport 22 -m state --state NEW -j log-and-forget
    $IPTABLES -A OUTPUT -p TCP --dport 22 -m state --state NEW -j log-and-forget

-----Original Message-----
From: Damijan Sencar [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 30, 2002 7:13 AM
To: [EMAIL PROTECTED]
Subject: Logging NEW ssh connections

Hi!

I want to log all new ssh connections from Internet to syslogd. I added a chain as follows but it doesn't log anything.

    $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -m state --state NEW -j LOG --log-level DEBUG --log-prefix "NEW SSH IN logged"
    $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed

However it works (logs all packets to syslogd) if I change state from NEW to ESTABLISHED. What could be wrong there?

Thanx,
Damijan
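
Added example (not part of the original e-mails): a shell/awk summary of the kernel log lines that the log-and-forget rules in the reply produce, using the IN=/OUT= fields to tell whether the INPUT, FORWARD or OUTPUT rule matched. The sample log lines, interface names, MAC bytes and addresses are constructed; the field layout is that of the iptables LOG target.

```shell
#!/bin/sh
# Added example: count NEW ssh connections per direction and source from
# kernel LOG lines carrying the "[WARNING] " prefix of log-and-forget.

# Constructed sample input (documentation address ranges, made-up hosts).
sample_log() {
cat <<'EOF'
May 30 07:20:01 fw kernel: [WARNING] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 07:20:09 fw kernel: [WARNING] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4412 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 07:21:30 fw kernel: [WARNING] IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=9001 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 07:22:02 fw kernel: [WARNING] IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=120 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 07:23:15 fw kernel: [WARNING] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=77 DF PROTO=TCP SPT=40100 DPT=2222 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 07:23:40 fw kernel: eth1: link up
EOF
}

# Reads syslog lines on stdin, prints "<count> <direction> <source>".
summarise_ssh() {
  awk '
    # Only lines with our prefix, TCP, and destination port exactly 22.
    index($0, "[WARNING] ") && / PROTO=TCP / && / DPT=22 / {
      in_if = ""; out_if = ""; src = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^IN=/)  in_if  = substr($i, 4)
        if ($i ~ /^OUT=/) out_if = substr($i, 5)
        if ($i ~ /^SRC=/) src    = substr($i, 5)
      }
      # INPUT fills only IN=, OUTPUT only OUT=, FORWARD fills both.
      if (in_if != "" && out_if != "") dir = "forwarded"
      else if (in_if != "")            dir = "inbound"
      else                             dir = "outbound"
      count[dir " " src]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k2,2 -k3,3
}

sample_log | summarise_ssh
```

On a live system the same function can be fed from wherever syslogd writes kernel messages at level warning.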
