A quick question...

Eric Andreychek eric@mushr00m.com
Fri, 29 Oct 1999 19:22:20 -0400 (EDT) 

  Hello,

>         I'm trying to set IPtables to log packets; however, incoming packets
> from my DNS server aren't something I want to log; ditto, any incoming packets
> from my ICQ server.  So, I want that part of my rules to be the following:
...
>         However, I can't specify both sources in the same line (that I've
> found), and, if I specify them as above, the ICQ server messages still get
> logged.

  Well, consider doing this.  As opposed to putting all your rules right
off the input chain, create a few new chains.  I did this:

Put a default policy of DROP on the Input chain.  Then, 
Create a chain called "ldrop" (log&drop), which looks something like this:
iptables -A ldrop --proto tcp -j LOG --log-level info --log-prefix "TCP Drop "
iptables -A ldrop --proto udp -j LOG --log-level info --log-prefix "UDP Drop "
iptables -A ldrop --proto icmp -j LOG --log-level info --log-prefix "ICMP Drop"
iptables -A ldrop -j DROP

Create a chain called "watch"    (log & accept)
iptables -A watch -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A watch -j ACCEPT

Create a chain called "ppp-in", which hangs off INPUT 
iptables -A INPUT -i ppp0 -j ppp-in
  and then throw all your ppp0 input rules in here.. some might be:
iptables -A ppp-in -f -j ldrop
iptables -A ppp-in --proto udp --dport :1023 -j ldrop
iptables -A ppp-in --proto tcp --syn -j watch
iptables -A ppp-in --proto tcp --dport 23 -j ACCEPT
  
   yada yada yada, you get the idea.

  If you want a full working example, I can send you my config, it's about
300 lines, including plenty of documentation & comments.  It's based on
something that was posted here in the past, but modified to be a bit more
for ppp users.  If you want it, just let me know.  Hope this helps,
   -Eric


--------------------------------------------------------------------------- 
 Eric Andreychek                  | Lucy: "What happens if you practice the 
 Eric Conspiracy Secret Labs      |  piano for 20 years and then end up not 
 eric@mushr00m.com                |  being rich and famous?"                
 http://mushr00m.com/igloo        | Schroeder: "The joy is in the playing." 
---------------------------------------------------------------------------
                Linux. Have you administered a real OS today?