Alexander Demenshin aldem@aldem.net
Fri, 24 Sep 1999 11:08:05 +0200

> > 		iptables -j LOG
> > 		
> > 	also does not work (despite the fact that LOG
> > 	defined as a target).
> Hmm... are your libraries installed?  Is the ipt_LOG.o module
> installed?

  Yes, of course - at least I've done "make install", after
  that checked the physical presence of the files, and checked some
  other functionality.

> > 	Really, I see no reason why it should be a separate
> > 	module - just because logging is necessary almost
> > 	everywhere.
> No.  Logging this way is usually a really stupid idea.  You just flood
> your logs.  But it's popular, and useful for debugging...

  Hrrr... Well, I just mean that it should be possible to turn logging
  on for every rule; it should not be turned on by default, of course :)
  Say, old syntax:
  	ipchains -I -A deny -d 0/0 161 -l
  means that if the rule matches I will get a log record for it
  (-l option).
  But if LOG is a target, it means that I cannot do logging
  for a rule with a different target. So why should I add another rule,
  completely equal to another, to add logging? I see no reason.
  Well, you could say that I may create a dedicated chain, place the logging
  rule first, and next - all decision rules, but it is inconvenient,
  I think.
  BTW... A long time ago in our discussion concerning ipchains, you told
  me that everything should be done in user space, at least all that
  can be done in user space - now I see kernel space and a bunch of modules :))