** Reply to message from Jean Francois Ortolo <[EMAIL PROTECTED]> on
Sat, 05 Oct 2002 11:11:49 +0200 (CEST)
> Hi all
> I fully apologize for my previous post, that's a mistake.
>
> I apologize, this should be addressed to the valhalla-list, but this is an
> iptables problem, which is the same for the 8.0 version.
>
> Simple problem: I wish to set both the 'LOG' and 'DROP' targets in the
> same rule.
>
> Do I have to set two identical rules, first with a LOG target, second
> with a DROP target, or may I set the two targets directly in one rule?
>
> Example: Either 1)
> /sbin/iptables -A INPUT -i eth0 -p tcp -d ${IPADDR} --syn -j LOG
> /sbin/iptables -A INPUT -i eth0 -p tcp -d ${IPADDR} --syn -j DROP
>
> or 2)
> /sbin/iptables -A INPUT -i eth0 -p tcp -d ${IPADDR} --syn -j LOG DROP
>
> Indeed, ${IPADDR} is my IP address, the rules are to be set in a Shell
> script. (I need my specific IP address, which is dynamic, so I can't use
> the firewall system file /etc/sysconfig/iptables.)

This is how the Firestarter authors did it:

# Create a new log and drop (LD) convenience chain.
$IPT -N LD 2> /dev/null
$IPT -F LD
$IPT -A LD -j LOG
$IPT -A LD -j DROP
STOP=LD

Then you would just jump to the STOP variable (-j $STOP) if you wanted to log
and drop at the same time.

jb
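
The log-and-drop chain from the reply above, applied to the rule in the question, as an added example that is not part of the original thread and is not Firestarter's code. The function name setup_log_drop, the log prefix, the rate-limit values and the sample address are assumptions; by default it only prints the commands.

```shell
#!/bin/sh
# Added example, not Firestarter's code. IPT defaults to a dry run that only
# prints each command; run as root with IPT=/sbin/iptables to apply them.
IPT=${IPT:-echo iptables}

# setup_log_drop IFACE ADDR  (hypothetical helper name)
# Builds the LD chain and sends new inbound TCP connections for ADDR to it.
setup_log_drop() {
    iface=$1
    addr=$2
    # Refuse an empty value or one containing anything but digits and dots,
    # e.g. ${IPADDR} before the dynamic address has been assigned.
    case $addr in
        ''|*[!0-9.]*) echo "bad address: '$addr'" >&2; return 1 ;;
    esac

    $IPT -N LD 2>/dev/null || true   # the chain may already exist
    $IPT -F LD                       # start from an empty chain on re-run
    # LOG is non-terminating: after logging, the packet goes on to the next
    # rule in LD. The limit match caps log volume; it does not affect DROP.
    $IPT -A LD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "LD-DROP: "
    $IPT -A LD -j DROP               # terminating: every packet in LD ends here
    # --syn is a TCP match, so -p tcp has to be given on the same rule.
    $IPT -A INPUT -i "$iface" -p tcp -d "$addr" --syn -j LD
}

# Constructed sample values (192.0.2.10 is a documentation address).
setup_log_drop eth0 192.0.2.10
```

Each run appends another INPUT rule, so when the dynamic address changes the old rule has to be deleted or the INPUT chain rebuilt before calling it again.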