newbie question (LOG problem)
Ralf Gross
Ralf-lists@ralfgross.de
Fri, 25 Jan 2002 13:26:01 +0100 (CET)
>According to you is there something wrong?
>
>#!/bin/bash
>
>if [ "$1" = "start" ]
>then
> echo "Starting firewall ......"
> iptables -P INPUT DROP
> iptables -A INPUT -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -j LOG --log-prefix 'bad input:'
>elif [ "$1" = "stop" ]
>then
> echo "Stopping firewall ....."
> iptables -F INPUT
> iptables -P INPUT ACCEPT
>fi
Are these all of your rules? Your default policy for INPUT is DROP, but
with iptables -A INPUT -j ACCEPT you accept all input connections! After
that, the processing of your INPUT chain stops, because the first rule
matches. The LOG rule will never match. Remember: The first rule that
matches ends the processing of a chain, except a LOG rule. So, if you want
to log INPUT packets, put the LOG rule before the ACCEPT rule (are you
sure you want to accept everything?)
Ralf
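The same start/stop script with the rule order Ralf describes, as an added example that is not from the original thread. Beyond the posted script it assumes a loopback accept rule, a rate limit on the LOG rule, and a dry-run mode (IPT=echo) so the rule order can be checked without root; the log_reachable helper is also an addition for that check:

```shell
#!/bin/sh
# Added example, not the original poster's script.
# IPT defaults to the real iptables binary; set IPT=echo to print the
# rules instead of applying them (dry run, no root needed).
IPT="${IPT:-iptables}"

# Order as posted: the unconditional ACCEPT is a terminating target, so the
# chain stops there and the LOG rule behind it can never see a packet.
fw_start_broken() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -j LOG --log-prefix 'bad input:'
}

# Fixed order: accept what is wanted first, then LOG what is left. LOG is
# non-terminating, so a logged packet continues down the chain and, with
# no further rule, ends at the DROP policy.
fw_start() {
    $IPT -P INPUT DROP
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT                 # loopback (assumption)
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # per-service rules go here, e.g. $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'bad input: '
    # no trailing ACCEPT: anything still here is dropped by the policy
}

fw_stop() {
    $IPT -F INPUT
    $IPT -P INPUT ACCEPT
}

# Reads an emitted rule list on stdin. Returns 0 when the LOG rule comes
# before any unconditional terminating rule (-A INPUT -j ACCEPT/DROP/REJECT
# with no match), 1 when such a rule shadows it.
log_reachable() {
    awk '
        /-A INPUT/ && /-j LOG/                  { print "reachable"; exit }
        /-A INPUT -j (ACCEPT|DROP|REJECT)/      { print "shadowed";  exit }
    ' | grep -q reachable
}

case "$1" in
    start) echo "Starting firewall ..."; fw_start ;;
    stop)  echo "Stopping firewall ..."; fw_stop ;;
    check) IPT=echo; fw_start | log_reachable && echo "LOG rule is reachable" ;;
esac
```

After applying the rules for real, `iptables -L INPUT -v -n --line-numbers` shows the per-rule packet counters; a LOG rule whose counter stays at zero while unsolicited traffic arrives is the symptom of the ordering problem.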