logging and dropping bad tcp packets

Seferovic Edvin edvin.seferovic at kolp.at
Mon Oct 17 15:44:48 CEST 2005


Hi and thank you for the answer Derick....

I set it as 

iptables -t mangle -A PREROUTING ..... -j DROP ... I suppose I'll keep the
packages rather far away from the "real" iptables chains that are used for
filtering... critics?

Regards,

Edvin Seferovic 

-----Original Message-----
From: Derick Anderson [mailto:danderson at vikus.com] 
Sent: Monday, 17 October 2005 15:26
To: edvin.seferovic at kolp.at; netfilter at lists.netfilter.org
Subject: RE: logging and dropping bad tcp packets

 
> Hi,
> 
>  
> 
> I would like to log and drop bad TCP packets on all my 
> interfaces... but in my eyes it means that I would have to 
> write every rule three times. Is there a way to simplify this 
> or should I really write those rules for every interface.. or 
> can I just enter eth+ in the input chain for all my ethernet 
> interfaces? 
> 
> 
> Thank you in advance
> 
>  
> 
> Regards,
> 
>  
> 
> Edvin Seferovic
> 

Just don't specify an interface and the rule will apply to all of them.
Put the 'bad tcp packets' ruleset at the top of your INPUT/FORWARD chain
(whichever is appropriate) before you start doing your interface-specific
rules. For purposes of logging (and are you planning to read
the logs?) you won't be able to make an interface-specific label but
otherwise everything should work fine.

Derick Anderson
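Derick's suggestion (no interface match, the bad-TCP checks placed at the top of INPUT and FORWARD, each one logged before it is dropped) written out as an added example; this is not code from either poster. The chain name BAD_TCP, the log prefix, the 3/min rate limit and the IPT dry-run variable are assumptions of this example.

```shell
#!/bin/sh
# Generate an iptables ruleset that logs and drops malformed TCP packets
# on every interface. Constructed example: by default IPT only echoes the
# commands (dry run); set IPT=/sbin/iptables to apply them for real.
IPT="${IPT:-echo iptables}"

# Shared BAD_TCP chain. No -i/-o match is given, so the same rules cover
# eth0, eth1, ... without being written once per interface.
bad_tcp_rules() {
    $IPT -N BAD_TCP
    # "mask compare" pairs for --tcp-flags; none of these combinations
    # occurs in a legitimate TCP segment.
    set -- "ALL NONE" "SYN,FIN SYN,FIN" "SYN,RST SYN,RST" \
           "FIN,RST FIN,RST" "ALL FIN,URG,PSH" "ALL ALL"
    for pair in "$@"; do
        # LOG is rate-limited so a flood cannot fill the log, then DROP.
        $IPT -A BAD_TCP -p tcp --tcp-flags $pair -m limit --limit 3/min \
             -j LOG --log-prefix "BAD_TCP: "
        $IPT -A BAD_TCP -p tcp --tcp-flags $pair -j DROP
    done
    # A NEW connection must begin with SYN; anything else is bogus.
    $IPT -A BAD_TCP -p tcp ! --syn -m state --state NEW -m limit \
         --limit 3/min -j LOG --log-prefix "BAD_TCP: "
    $IPT -A BAD_TCP -p tcp ! --syn -m state --state NEW -j DROP
}

# Jump to BAD_TCP from position 1 of INPUT and FORWARD, i.e. ahead of any
# interface-specific rules already present in those chains.
hook_bad_tcp() {
    for chain in INPUT FORWARD; do
        $IPT -I "$chain" 1 -p tcp -j BAD_TCP
    done
}

# Dry run: print the complete ruleset.
bad_tcp_rules
hook_bad_tcp
```

Because the interface is never named, the only per-interface information left is whatever the kernel's LOG target records (the IN=/OUT= fields), which is the limitation Derick mentions.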

