how to log dropped packet

Jose Maria Lopez jkerouac at
Tue Sep 28 16:30:51 CEST 2004

On Tue, 28 Sep 2004 at 16:21, Aleksandar Milivojevic wrote:
> Use the LOG target.
> However, if this is your firewall host toward Internet, are you sure you 
> want to log *everything* that is dropped?  There are so many worms and 
> automatic scanning tools out there that your logs will get *huge* with 
> nothing but crap very fast.  This is especially true for Windows 
> specific TCP and UDP ports.  Anything that might be interesting will get 
> completely lost in all that noise.

He could use the -m limit match to limit the number of log entries
he gets. It's interesting to do so for ports like
445 and so on.

Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac at
bgSEC Seguridad y Consultoria de Sistemas Informaticos

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
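An added example of the LOG + -m limit approach the thread discusses (not code from either poster): a LOGDROP chain that rate-limits logging before dropping, with a much tighter limit for the Windows ports that produce most of the scanner and worm noise. The chain name, the DRY_RUN convention, the WAN interface and the rate values are assumptions of this script.

```shell
#!/bin/sh
# Log dropped packets with a rate limit so the log stays readable.
# DRY_RUN=1 prints the iptables commands instead of executing them
# (assumed convention, handy for reviewing the ruleset without root).
IPT=${IPT:-iptables}
WAN=${WAN:-eth0}   # assumed Internet-facing interface

ipt() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$IPT $*"; else "$IPT" "$@"; fi
}

# build_logdrop GENERAL_LIMIT NOISY_LIMIT
# Creates chain LOGDROP: Windows-specific ports get a trickle of log lines,
# everything else is logged at the general rate, and all of it is dropped.
build_logdrop() {
  gen_limit=${1:-5/minute}     # assumed default for "interesting" drops
  noisy_limit=${2:-1/hour}     # assumed default for 135/137/138/139/445
  ipt -N LOGDROP
  # Windows ports: a few lines an hour is enough to know the noise is there.
  ipt -A LOGDROP -p tcp -m multiport --dports 135,139,445 \
      -m limit --limit "$noisy_limit" --limit-burst 2 \
      -j LOG --log-prefix "DROP-WINPORT " --log-level 4
  ipt -A LOGDROP -p tcp -m multiport --dports 135,139,445 -j DROP
  ipt -A LOGDROP -p udp -m multiport --dports 137,138 \
      -m limit --limit "$noisy_limit" --limit-burst 2 \
      -j LOG --log-prefix "DROP-WINPORT " --log-level 4
  ipt -A LOGDROP -p udp -m multiport --dports 137,138 -j DROP
  # Everything else: still limited, so a flood cannot fill the disk.
  ipt -A LOGDROP -m limit --limit "$gen_limit" --limit-burst 10 \
      -j LOG --log-prefix "DROP " --log-level 4
  ipt -A LOGDROP -j DROP
}

# Send whatever is left in INPUT from the WAN side to LOGDROP. Place this
# after the rules that accept established/related and wanted traffic.
hook_wan() {
  ipt -A INPUT -i "$WAN" -j LOGDROP
}

# Run with RUN_LOGDROP=1 (and DRY_RUN=1 to preview) to apply.
if [ "${RUN_LOGDROP:-0}" = 1 ]; then
  build_logdrop
  hook_wan
fi
```

The LOG rule must come before the DROP rule in each pair, and the limit only throttles what reaches the log; every packet is still dropped.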
