LOG just about 5 ports

Dominic Lessard dlessard@colubris.com
Tue, 14 Aug 2001 10:58:53 -0400


Since you explicitly ACCEPT packets on ports 21,25... you jump out of the 
chain... so you just have to modify your logging rule to log all ports... i.e.

iptables -A INPUT -p tcp -i eth1 -m limit --limit 1/s -j LOG

and that's it !! :)

Dominic

On Tuesday 14 August 2001 09:49, Paulo Augusto wrote:
> Hi there,
>
> I'm opening just about 5 ports on my server and DROP connections coming to
> others.
>
> I did it:
>
> # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> # iptables -A INPUT -p tcp -i eth1 -d 200.x.x.x --destination-port 21 -j ACCEPT
> # iptables -A INPUT -p tcp -i eth1 -d 200.x.x.x --destination-port 25 -j ACCEPT
> # iptables -A INPUT -p tcp -i eth1 -d 200.x.x.x --destination-port 53 -j ACCEPT
> # iptables -A INPUT -p udp -i eth1 -d 200.x.x.x --destination-port 53 -j ACCEPT
> # iptables -A INPUT -p tcp -i eth1 -d 200.x.x.x --destination-port 80 -j ACCEPT
> # iptables -A INPUT -p tcp -i eth1 -d 200.x.x.x --destination-port 110 -j ACCEPT
> # iptables -A INPUT -p tcp -i eth1 --destination-port 1026:65000 -m limit --limit 1/s -j LOG
> # iptables -P INPUT DROP
>
>
> I'm logging ports 1026:65000, I would like to log all ports except 21, 25,
> 53, 80, 110.
> What should I do?
> Any other suggestion for my config?
>
> Thanx
> Paulo Augusto

-- 
_________________________________________________
Dominic Lessard, ing. stag.
Software Developer, Colubris Networks

www.colubris.com
Dominic.Lessard@colubris.com
Tel: (450) 680-1661 x126 Fax: (450) 680-1910
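
Added example, not part of the original thread: a small Python model of INPUT chain traversal that shows why a LOG rule placed after the ACCEPT rules only sees packets that were not accepted. The `Rule` type and `traverse` function are hypothetical names; as a simplification, only protocol and destination port are matched, and the `-i`/`-d` matches, the state rule and the `1/s` limit are left out.

```python
# Added illustration: a minimal model of how a packet walks the INPUT chain.
# Assumption: only protocol and destination port are modelled.
from typing import NamedTuple, Optional, Tuple

class Rule(NamedTuple):
    proto: Optional[str]               # None matches any protocol
    ports: Optional[Tuple[int, int]]   # inclusive range, None matches any port
    target: str                        # "ACCEPT", "DROP" or "LOG"

def accept(proto, port):
    return Rule(proto, (port, port), "ACCEPT")

# The ACCEPT rules from the quoted ruleset.
ACCEPTS = [accept("tcp", 21), accept("tcp", 25), accept("tcp", 53),
           accept("udp", 53), accept("tcp", 80), accept("tcp", 110)]

ORIGINAL = ACCEPTS + [Rule("tcp", (1026, 65000), "LOG")]   # rule in the question
SUGGESTED = ACCEPTS + [Rule("tcp", None, "LOG")]           # rule in the reply

def traverse(chain, proto, dport, policy="DROP"):
    """Return (verdict, logged) for one packet."""
    logged = False
    for rule in chain:
        if rule.proto is not None and rule.proto != proto:
            continue
        if rule.ports is not None and not rule.ports[0] <= dport <= rule.ports[1]:
            continue
        if rule.target == "LOG":
            logged = True              # LOG is non-terminating: keep walking
            continue
        return rule.target, logged     # ACCEPT/DROP end traversal here
    return policy, logged              # fell off the end: chain policy applies

if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination port)
    samples = [("tcp", 80), ("tcp", 23), ("tcp", 500), ("tcp", 3306), ("udp", 137)]
    for pkt in samples:
        print(pkt, "original:", traverse(ORIGINAL, *pkt),
              "suggested:", traverse(SUGGESTED, *pkt))
```

In this model the suggested rule logs dropped TCP packets on any port, while dropped UDP packets still reach the DROP policy unlogged because the LOG rule matches `-p tcp` only.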