Peter Rundle wrote:
> 
> I then add a couple of simple rules with
>  
>    # iptables -A INPUT -p TCP --dport 80 -j LOG --log-prefix "HTTP: "
>    # iptables -A INPUT -p TCP -j LOG --log-prefix "OTHER: "
> 
> But when I list /var/log/messages I get both the HTTP and OTHER 
> labels!!!????
> 
>  Mar 21 21:25:26 ganymede kernel: HTTP: IN=lo OUT=          [snip]
>  Mar 21 21:25:26 ganymede kernel: OTHER: IN=lo OUT=       [snip]
> 
> So what's the story?

Logging doesn't automatically stop processing. It jumps to the log action
but returns to continue processing the ruleset.

If you jump to one of the other actions (i.e. DROP, REJECT, ALLOW) that does
cease processing...

So to implement your "DROP by default, allow what we specify", set the default
policy of the ruleset to DROP:

iptables -P INPUT DROP

and then add all your allow rules, and then just to be sure, I always finish
with a DROP to remind myself I am dropping everything (even though this is
redundant given the default policy, I prefer defence in depth, so if I
forget one or the other I have a backup).

Have you read Rusty's Unreliable Guides? (http://netfilter.samba.org)

marty

--
Skirwan - "And if pigs can fly, and I can ride one, and they fly me to hell, 
           and it just froze over, and we all have ice cream..." [1]

talonyx - "I really need to stop reading Slashdot while on codeine..." [2]

[1] - http://slashdot.org/comments.pl?sid=28984&cid=3113144
[2] - http://slashdot.org/comments.pl?sid=28984&cid=3113355
-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
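As an added example (not part of either message above), here is the complete INPUT ruleset the question was working towards, written in iptables-restore format so it can be reviewed and parsed without touching the live firewall. The terminating target iptables actually provides is ACCEPT (the reply's "ALLOW" is not a target name). It assumes a single host that wants loopback, replies to its own connections and inbound HTTP; the interface names, counters and the hypothetical check_order helper are this example's own.

```shell
#!/bin/sh
# Example ruleset (not from the original post). LOG is a non-terminating
# target: it writes the message and traversal continues with the next rule,
# so every LOG must be paired with the terminating rule (ACCEPT or DROP) for
# the same traffic, and that pair must sit before the catch-all rules.

gen_ruleset() {
cat <<'EOF'
*filter
# Default policy: anything that falls off the end of INPUT is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback first. Note this means a local test (IN=lo, as in the question's
# log lines) is accepted here and never reaches the LOG rules below.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# HTTP: log with the "HTTP: " prefix, then terminate with ACCEPT straight
# away. Without the ACCEPT the packet would also hit the "OTHER: " LOG below.
-A INPUT -p tcp --dport 80 -j LOG --log-prefix "HTTP: "
-A INPUT -p tcp --dport 80 -j ACCEPT
# Everything else: log with the "OTHER: " prefix, then drop explicitly.
# The DROP is redundant with the :INPUT DROP policy but makes the intent
# visible in the listing (defence in depth, as the reply suggests).
-A INPUT -j LOG --log-prefix "OTHER: "
-A INPUT -j DROP
COMMIT
EOF
}

# Hypothetical sanity check on a ruleset read from stdin: the HTTP LOG must
# come before the HTTP ACCEPT, both must come before the OTHER LOG, and the
# explicit DROP must be last. Exit status 0 means the order is right.
check_order() {
    awk '
        /--dport 80 -j LOG/    { http_log = NR }
        /--dport 80 -j ACCEPT/ { http_acc = NR }
        /OTHER: /              { other    = NR }
        /^-A INPUT -j DROP/    { drop     = NR }
        END {
            exit !(http_log && http_log < http_acc &&
                   http_acc < other && other < drop)
        }
    '
}

# Parse-only dry run with the real tool. iptables-restore --test builds the
# ruleset but does not commit it; it still needs root to talk to netfilter,
# so this is only attempted when running as root with the tool installed.
dry_run() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
        gen_ruleset | iptables-restore --test
    else
        echo "dry_run: skipped (needs root and iptables-restore)" >&2
        return 0
    fi
}

# Print the ruleset when run directly; load it for real with
#   gen_ruleset | iptables-restore
gen_ruleset
```

To reproduce the original symptom with the same ordering check, move the `-j ACCEPT` line below the "OTHER: " LOG and check_order fails: that is exactly the ruleset that produced both prefixes in /var/log/messages.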
