It works now! Thanx,
Damijan Omar Castaneda Acosta wrote: >Make these changes to your firewall script: > >if [ -n "`$IPTABLES -L | $GREP log-and-forget`" ]; then > $IPTABLES -F log-and-forget >fi > >.... > >$IPTABLES -N log-and-forget >$IPTABLES -A log-and-forget -j LOG --log-level warning --log-prefix >"[WARNING] " >$IPTABLES -A log-and-forget -j RETURN > ># The next rules should be on the top of INPUT, FORWARD and OUTPUT >chains > >$IPTABLES -A INPUT -p TCP -dport 22 -m state -state NEW -j >log-and-forget >$IPTABLES -A FORWARD -p TCP -dport 22 -m state -state NEW -j >log-and-forget >$IPTABLES -A OUTPUT -p TCP -dport 22 -m state -state NEW -j >log-and-forget > > >-----Original Message----- >From: Damijan Sencar [mailto:[EMAIL PROTECTED]] >Sent: Thursday, May 30, 2002 7:13 AM >To: [EMAIL PROTECTED] >Subject: Logging NEW ssh connections > >Hi! > >I want to log all new ssh connections from Internet to syslogd. I added >chain as follows but it doesn't log anything. > >$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -m state --state NEW >-j LOG --log-level DEBUG --log-prefix "NEW SSH IN > logged" >$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed > > >However it works (logs all packets to syslogd) if I change state from >NEW to ESTABLISHED. What could be wrong there? > >Thanx, > >Damijan > >
