Chris Brenton cbrenton at chrisbrenton.org
Thu Aug 11 22:54:29 CEST 2005

On Thu, 2005-08-11 at 11:49, Svenne Krap wrote:
> Is there some way to get netfilter to collect rule hits (like with no -j 
> clause) for each port/ip-address individually within a range?
> Other than creating thousands of lines of rules and adding them to my 
> "firewall-startup" script (which is currently slightly less than 80 rules).

Have LogWatch process the /var/log/message file and produce a medium
level detail report. You'll get output similar to the following:

Dropped 603 packets on interface eth3
  From - 12 packets to udp(53)
  From - 10 packets to
  From - 9 packets to
  From - 24 packets to udp(53)
  From - 8 packets to
  From - 4 packets to tcp(22,22,22,22)
  From - 4 packets to tcp(22,22,22,22)
  From - 1 packet to icmp(0)

You can then further parse it as needed. You don't need a unique log
rule for each port and/or IP. LogWatch will sort it all out for you. 
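As an added illustration of the "further parse it as needed" step (this is example code, not part of the reply above and not LogWatch's own code), the script below does the same per-interface, per-source, per-service aggregation directly over netfilter LOG lines. It assumes the dropping rule also logs (e.g. `-j LOG --log-prefix "DROP "`), so each dropped packet shows up as a `kernel:` line carrying `IN=`, `SRC=`, `PROTO=` and `DPT=`/`TYPE=` fields; the sample log lines and addresses are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the syslog format the netfilter LOG target emits.
SAMPLE_LOG = """\
Aug 11 22:10:01 fw kernel: DROP IN=eth3 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=43210 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 11 22:10:02 fw kernel: DROP IN=eth3 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=43211 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 11 22:10:03 fw kernel: DROP IN=eth3 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=71 TOS=0x00 PREC=0x00 TTL=49 ID=3 PROTO=UDP SPT=1025 DPT=53 LEN=51
Aug 11 22:10:04 fw kernel: DROP IN=eth3 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=4 PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=1
Aug 11 22:10:05 fw kernel: DROP IN=eth0 OUT= SRC=10.0.0.9 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6 DF PROTO=TCP SPT=5000 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 11 22:10:06 fw kernel: unrelated kernel message that must be ignored
"""

# One KEY=VALUE token; VALUE may be empty, as in "OUT=".
_KV = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=VALUE fields of one netfilter LOG record, or None when
    the line is not such a record (IN, SRC and PROTO must all be present)."""
    fields = dict(_KV.findall(line))
    if not all(k in fields for k in ("IN", "SRC", "PROTO")):
        return None
    return fields

def service_key(fields):
    """Collapse a record to the proto(port) shape the LogWatch report uses;
    ICMP has no port, so its type number is used instead."""
    proto = fields["PROTO"].lower()
    if proto in ("tcp", "udp"):
        return f"{proto}({fields.get('DPT', '?')})"
    if proto == "icmp":
        return f"icmp({fields.get('TYPE', '?')})"
    return proto

def summarize(log_text):
    """Count dropped packets per inbound interface, then per source address
    and destination service, without needing a log rule per port or IP."""
    summary = defaultdict(lambda: {"total": 0, "sources": defaultdict(Counter)})
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        entry = summary[fields["IN"]]
        entry["total"] += 1
        entry["sources"][fields["SRC"]][service_key(fields)] += 1
    return summary

def format_report(summary):
    """Render the summary in the same layout as the LogWatch excerpt, with
    the noisiest sources first."""
    lines = []
    for iface, entry in sorted(summary.items()):
        lines.append(f"Dropped {entry['total']} packets on interface {iface}")
        by_volume = sorted(entry["sources"].items(),
                           key=lambda kv: -sum(kv[1].values()))
        for src, services in by_volume:
            for svc, n in services.most_common():
                unit = "packet" if n == 1 else "packets"
                lines.append(f"  From {src} - {n} {unit} to {svc}")
    return "\n".join(lines)

if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("/var/log/messages").read() on a real host.
    print(format_report(summarize(SAMPLE_LOG)))
```

Because the counting happens in the parser rather than in the ruleset, a single LOG rule in front of the DROP covers every port and address in the range; the report groups the hits afterwards, which is exactly what the thousands-of-rules approach was trying to avoid.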


