how to log dropped packet
Jose Maria Lopez
jkerouac at bgsec.com
Tue Sep 28 16:30:51 CEST 2004
El mar, 28 de 09 de 2004 a las 16:21, Aleksandar Milivojevic escribió:
> Use the LOG target.
>
> However, if this is your firewall host toward Internet, are you sure you
> want to log *everything* that is dropped? There are so many worms and
> automatic scanning tools out there that your logs will get *huge* with
> nothing but crap very fast. This is especially true for Windows
> specific TCP and UDP ports. Anything that might be interesting will get
> completely lost in all that noise.
He could use the -m limit match to limit the number of logs
he is having. It's interesting to do so for ports like
445 and so.
--
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
More information about the netfilter
mailing list