On 22.08.2013 14:23, Charles Marcus wrote:
> Now to figure out how to log these firewall rejections to a separate log
> file, so I can see them if/when someone complains about not being able to connect
Nothing easier than that:

* the first rule logs with rate-control to avoid self-DOS
* the second one rejects
* the same works for any iptables rule (log line exactly like the other rule, different action)

# log new connections to 587 from the range, at most one line per minute
iptables -A INPUT -p tcp --dport 587 -s <source-range/ip> -m conntrack --ctstate NEW -m limit --limit 1/m -j LOG --log-level debug --log-prefix "Firewall: "
# identical match, different action: reject them
iptables -A INPUT -p tcp --dport 587 -s <source-range/ip> -m conntrack --ctstate NEW -j REJECT --reject-with icmp-admin-prohibited

_______________________________________________

rsyslog.conf *before* all other rules:

# the string must match the --log-prefix above; "& ~" discards the line so it does not also land in the general log
:msg, contains, "Firewall: " -/var/log/firewall.log
& ~
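Once the rules above are in place, /var/log/firewall.log fills with kernel LOG lines, and the practical question is still the one Charles asked: when a user complains, was their address rejected, and when? The following is an added example, not code from this thread: it parses the lines the LOG target writes (the IN=, SRC=, DST=, PROTO=, DPT= fields are the kernel's own field names) and counts rejections per source address, optionally for one destination port. The sample lines are constructed, the addresses are documentation ranges, and the function names are my own.

```python
"""Parse netfilter LOG lines (as written by the "Firewall: " LOG rule) and
summarise which source addresses were rejected.  Example code, not from the
mailing-list thread."""
import re
from collections import Counter

# Must be the same string as --log-prefix on the LOG rule and the rsyslog filter.
LOG_PREFIX = "Firewall: "

# Constructed sample log lines in the shape the kernel's LOG target emits.
# Addresses are documentation ranges, not real traffic.  The second line
# carries a printk timestamp, as it does when kernel timestamps are enabled;
# the last line is an unrelated dovecot line that should be ignored.
SAMPLE_LOG = """\
Aug 22 14:30:01 mail kernel: Firewall: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12345 DF PROTO=TCP SPT=51234 DPT=587 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 22 14:31:07 mail kernel: [ 8123.456789] Firewall: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12346 DF PROTO=TCP SPT=51235 DPT=587 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 22 14:32:15 mail kernel: Firewall: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:11:22:33:08:00 SRC=192.0.2.9 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=777 DF PROTO=TCP SPT=40000 DPT=587 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 22 14:33:00 mail kernel: Firewall: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:11:22:33:08:00 SRC=192.0.2.9 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=778 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 22 14:33:30 mail dovecot: imap-login: Login: user=<alice>, rip=192.0.2.9
"""

_KV = re.compile(r"^([A-Z]+)=(.*)$")


def parse_line(line):
    """Return a dict of fields for one LOG line, or None if the line is not one.

    key=value tokens become entries (empty values such as OUT= are kept as "");
    bare flag tokens (DF, SYN, ...) become entries set to True.
    """
    idx = line.find(LOG_PREFIX)
    if idx < 0:
        return None
    fields = {"time": line[:15]}  # syslog timestamp, e.g. "Aug 22 14:30:01"
    for tok in line[idx + len(LOG_PREFIX):].split():
        m = _KV.match(tok)
        if m:
            fields[m.group(1)] = m.group(2)
        else:
            fields[tok] = True
    return fields


def rejected_sources(text, dport=None):
    """Count logged hits per SRC address, optionally only for one DPT."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f is None or "SRC" not in f:
            continue
        if dport is not None and f.get("DPT") != str(dport):
            continue
        counts[f["SRC"]] += 1
    return counts


def was_rejected(text, src, dport=None):
    """True if src shows up at least once in the firewall log (for dport if given)."""
    return rejected_sources(text, dport)[src] > 0


if __name__ == "__main__":
    for src, n in rejected_sources(SAMPLE_LOG, dport=587).most_common():
        print(f"{src:15s} {n} logged rejection(s) on port 587")
```

Two caveats when reading the output. First, the counts are a lower bound: `-m limit --limit 1/m` means the LOG rule fires at most once a minute (after the default burst of 5), while the REJECT rule fires for every packet, so a busy source appears far less often in the log than it was actually rejected. Second, the parser keys on the exact prefix string, just as the rsyslog `contains` filter does, so changing `--log-prefix` on the LOG rule means changing it in both places.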