Logging trouble

Ryan Daly daly@ctc.com
Fri, 2 Jun 2000 10:10:23 -0400


Guys,

Sorry if this has been covered already.  I just joined the iptables family the
other night.

So far, this is a lot like ipchains, but I think it's quite a bit better.  The
only problem I'm having is with logging packets and building the filters as I
did with ipchains-{save,restore}.

First off, here's the problem I was having just last night.  I was reading the
HOW-TO and also some of the posts on this list and found a proper way to log
and deny packets.  So, I have something like this:

iptables -N log-n-drop
iptables -A log-n-drop -j LOG --log-level <whatever>
iptables -A log-n-drop -j DROP

iptables -N smtp
iptables -A smtp -p tcp --dport 25 -j log-n-drop

iptables -A INPUT -j smtp

All I was doing with this was testing the logging facility to make sure I was
seeing DROPped SMTP packets.  Well, the only place I was seeing the logs was
when I'd issue a 'dmesg'.  It wasn't getting logged to the place I had defined
for it in my /etc/syslog.conf.

In my trials, is it possible that I selected a --log-level that told it to log
to wherever dmesg gets its information?  And, if I did that, why did it stick
afterwards?  I was not able to get it to log anywhere else.

Secondly, I already mentioned this above, is there a way to quickly build your
filters as was available in ipchains with -save and -restore?

Thanks for any help!!

--
Ryan Daly
Unix Administrator/Network Engineer
Concurrent Technologies Corporation		(v) 814.269.6889
100 CTC Drive					(f) 814.269.6870
Johnstown, PA US 15904-1935

	91 3E E1 09 16 D1 5A 67 1A CA 16 C7 E0 C1 74 72
		ftp.ctc.com:/pub/PGP-keys/daly.asc