how to log dropped packet

Jose Maria Lopez jkerouac at bgsec.com
Tue Sep 28 16:30:51 CEST 2004


On Tue, 28 Sep 2004 at 16:21, Aleksandar Milivojevic wrote:
> Use the LOG target.
> 
> However, if this is your firewall host toward Internet, are you sure you 
> want to log *everything* that is dropped?  There are so many worms and 
> automatic scanning tools out there that your logs will get *huge* with 
> nothing but crap very fast.  This is especially true for Windows 
> specific TCP and UDP ports.  Anything that might be interesting will get 
> completely lost in all that noise.

He could use the -m limit match to limit the number of logs
he is getting. It's interesting to do so for ports like
445 and so on.
-- 
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac at bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
