cbrenton at chrisbrenton.org
Thu Aug 11 22:54:29 CEST 2005
On Thu, 2005-08-11 at 11:49, Svenne Krap wrote:
> Is there some way to get netfilter to collect rule hits (like with no -j
> clause) for each port/ip-address individually within a range?
> Other than creating thousands of lines of rules and adding them to my
> "firewall-startup" script (which is currently slightly less than 80 rules).
Have LogWatch process the /var/log/message file and produce a medium
level detail report. You'll get output similar to the following:
Dropped 603 packets on interface eth3
From 188.8.131.52 - 12 packets to udp(53)
From 184.108.40.206 - 10 packets to
From 220.127.116.11 - 9 packets to
From 18.104.22.168 - 24 packets to udp(53)
From 22.214.171.124 - 8 packets to
From 126.96.36.199 - 4 packets to tcp(22,22,22,22)
From 188.8.131.52 - 4 packets to tcp(22,22,22,22)
From 184.108.40.206 - 1 packet to icmp(0)
You can then further parse it as needed. You don't need a unique log
rule for each port and/or IP. LogWatch will sort it all out for you.
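As an added illustration (not part of this reply and not LogWatch's own code), the script below does the same aggregation LogWatch performs over netfilter LOG lines: it reads constructed syslog samples and counts hits per inbound interface, source address and destination port, so a single LOG rule is enough to get per-IP/per-port counts. The log lines, interface names and addresses are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed syslog lines in netfilter LOG format (not from the original post); the last one is non-netfilter noise.
SAMPLE_LOG = """\
Aug 11 22:10:01 fw kernel: IN=eth3 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=54 ID=0 DF PROTO=TCP SPT=40123 DPT=22 WINDOW=5840 SYN URGP=0
Aug 11 22:10:02 fw kernel: IN=eth3 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=54 ID=0 DF PROTO=TCP SPT=40124 DPT=22 WINDOW=5840 SYN URGP=0
Aug 11 22:10:03 fw kernel: IN=eth3 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=71 TTL=120 ID=4 PROTO=UDP SPT=5353 DPT=53 LEN=51
Aug 11 22:10:04 fw kernel: IN=eth3 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=84 TTL=120 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Aug 11 22:10:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=60 TTL=60 ID=0 DF PROTO=TCP SPT=5555 DPT=3389 WINDOW=1024 SYN URGP=0
Aug 11 22:10:06 fw sshd[123]: Accepted publickey for ops from 192.0.2.5
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value tokens; bare flags like DF/SYN are skipped

def parse_log_line(line):
    """Return the KEY=value fields of a netfilter LOG line, or None for any other syslog line."""
    fields = dict(FIELD_RE.findall(line))
    if "kernel:" not in line or not {"IN", "SRC", "PROTO"} <= fields.keys():
        return None
    return fields

def service_key(fields):
    """Destination port for TCP/UDP, ICMP type for ICMP, bare protocol name otherwise."""
    proto = fields["PROTO"].lower()
    if proto in ("tcp", "udp"):
        return f"{proto}({fields.get('DPT', '?')})"
    return f"icmp({fields.get('TYPE', '?')})" if proto == "icmp" else proto

def summarize(log_text):
    """Count logged packets per inbound interface -> source address -> service,
    so one LOG rule yields per-IP/per-port hit counts without per-port rules."""
    report = defaultdict(lambda: defaultdict(Counter))
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields is not None:
            report[fields["IN"]][fields["SRC"]][service_key(fields)] += 1
    return report

def format_report(report):
    """Render the counts in the same shape as the LogWatch excerpt above."""
    out = []
    for iface, sources in sorted(report.items()):
        total = sum(sum(c.values()) for c in sources.values())
        out.append(f"Dropped {total} packet{'s' if total != 1 else ''} on interface {iface}")
        for src, services in sorted(sources.items()):
            n = sum(services.values())
            detail = ", ".join(f"{svc} x{cnt}" for svc, cnt in sorted(services.items()))
            out.append(f"  From {src} - {n} packet{'s' if n != 1 else ''} to {detail}")
    return "\n".join(out)
```

Pipe the real /var/log/messages through `summarize` instead of `SAMPLE_LOG` to get the same breakdown LogWatch produces, with the exact ports each source hit.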