Some ruleset-related questions
Andrew Heberle
heberle@albanyis.com.au
Mon, 11 Jun 2001 13:11:10 +0800
> my logs started to fill with log strings similar to this one: IN=ppp0
> OUT= MAC= SRC=11.12.13.14 DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=52
> ID=1607 DF PROTO-TCP SPT=80 DPT=49572 WINDOW=32120 RES=0x00 ACK SYN
> URGP=0
The behaviour you mention looks like connections which have expired
(according to conntrack) but the other end doesn't know it yet. Certain
web servers do this; I got around the DNS one by ACCEPT'ing DNS
connections from my ISP's DNS.
> 2. Speaking of logging, I'm not quite sure what happens to the packets
> after they get logged via the LOG target
They continue their merry way until they are ACCEPT'ed, DROP'ped,
REJECT'ed or hit the end of the chain where the chain policy comes into
play.
> 3. ipchains' log entries used to have a field which informed me which
> rule got the packet logged. Is there anything like that among netfilter's
> log data?
No, you set this manually with --log-prefix "Blah: " on your LOG rule.
It would be nice to have some sort of thing like that though.
> 4. Last but not least: any comments regarding the ruleset
Not at the moment :)
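Two points in the reply above lend themselves to a small worked example: the only way to tell which LOG rule produced a line is the text set with --log-prefix, and the ACK SYN entries from source port 80 are late replies from the far end to a connection conntrack has already forgotten. The parser below is an added example, not code from the original message or from the netfilter project. It assumes nothing about the poster's ruleset: the sample lines, the prefix value "INPUT-DROP:", the syslog header and the set of well-known server ports are all constructed for illustration.

```python
"""Parse netfilter LOG lines, recover the --log-prefix, and sort the
entries into rough classes for review (added example, constructed data)."""
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample lines in the netfilter LOG format. The first mirrors the
# shape of the line quoted in the post (SYN/ACK from port 80 to a high port),
# the others add an unsolicited SYN and a UDP line. "INPUT-DROP:" is a
# hypothetical --log-prefix value; the third line has no prefix at all.
SAMPLE_LOG = """\
Jun 11 13:05:01 gw kernel: INPUT-DROP: IN=ppp0 OUT= MAC= SRC=11.12.13.14 DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=1607 DF PROTO=TCP SPT=80 DPT=49572 WINDOW=32120 RES=0x00 ACK SYN URGP=0
Jun 11 13:05:02 gw kernel: INPUT-DROP: IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1 PROTO=TCP SPT=1234 DPT=23 WINDOW=512 RES=0x00 SYN URGP=0
Jun 11 13:05:03 gw kernel: IN=ppp0 OUT= MAC= SRC=198.51.100.5 DST=1.2.3.4 LEN=76 TOS=0x00 PREC=0x00 TTL=60 ID=4321 PROTO=UDP SPT=53 DPT=32800 LEN=56
"""

# Assumption for the example: TCP server ports whose SYN/ACK may arrive after
# conntrack has expired the original outbound connection.
SERVER_PORTS = {"80", "443", "25", "110", "143"}


@dataclass
class LogEntry:
    prefix: str                      # text set with --log-prefix ("" if none)
    fields: dict = field(default_factory=dict)   # KEY=VALUE tokens
    flags: set = field(default_factory=set)      # bare tokens: DF, SYN, ACK, ...


def parse_log_line(line: str) -> LogEntry:
    """Split one LOG line into prefix, key=value fields and bare flags."""
    # Drop any syslog header up to "kernel:"; raw dmesg lines have none.
    _, _, tail = line.rpartition("kernel:")
    tail = tail.strip()
    idx = tail.find("IN=")
    if idx < 0:
        raise ValueError("not a netfilter LOG line: %r" % line)
    # Everything before the first IN= is whatever --log-prefix supplied.
    prefix = tail[:idx].strip()
    entry = LogEntry(prefix=prefix)
    for tok in tail[idx:].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            # First occurrence wins: UDP/ICMP lines repeat LEN for the L4 header.
            entry.fields.setdefault(key, value)
        else:
            entry.flags.add(tok)
    return entry


def classify(entry: LogEntry) -> str:
    """Rough triage of a logged packet.

    late-server-reply: SYN/ACK from a server port, i.e. the far end answering
                       a connection that conntrack no longer knows about.
    new-connection:    a bare SYN, an unsolicited attempt to connect to us.
    other:             everything else (non-TCP, mid-stream segments, ...).
    """
    if entry.fields.get("PROTO") != "TCP":
        return "other"
    if {"SYN", "ACK"} <= entry.flags and entry.fields.get("SPT") in SERVER_PORTS:
        return "late-server-reply"
    if "SYN" in entry.flags and "ACK" not in entry.flags:
        return "new-connection"
    return "other"


def summarize(text: str) -> dict:
    """Count classes per --log-prefix, so each LOG rule's hits can be read off."""
    tally = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_log_line(line)
        tally.setdefault(entry.prefix, Counter())[classify(entry)] += 1
    return tally


if __name__ == "__main__":
    for prefix, counts in summarize(SAMPLE_LOG).items():
        print(repr(prefix) or "(no prefix)", dict(counts))
```

Running the script on the constructed sample groups the hits by prefix, so a ruleset that gives each LOG rule a distinct --log-prefix gets back, in effect, the "which rule logged this" field the poster missed from ipchains; lines without a prefix land under an empty key and can be traced to the one LOG rule that lacks one.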