IPSet Log and drop.

Rob Carlson rcarlson at kitchenandassociates.com
Thu Apr 21 19:24:14 CEST 2005


Sorry if this is a dupe, the first one didn't seem 
to go through...

I'm currently using ipset to block some large
blocks of addresses.  It seems to be working well,
but a couple of rogue emails have gotten through.
This is not my concern right now, rather I would
like to see what _is_ being caught and try to
establish a pattern/ratio.

I've found that with vanilla IPTables, to log and
block one sets up two rules, first the LOG
statement, then immediately following, the DROP
statement.  However since I am using a nethash in
IPSet, I wonder if this approach would work, or
whether scanning the hash twice to invoke each
operation would be counter to the reason for using
the IPset nethash.

I have created a nethash with my "undesirable"
address blocks, and then ran:
iptables -A testhash -m set --set testhash src -j DROP

Would it be counter-productive to have:
iptables -A testhash -m set --set testhash src -j LOG
iptables -A testhash -m set --set testhash src -j DROP


Thanks,

Rob
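
The usual way to log and drop with one set lookup per packet is to match the set once in a jump rule and put LOG and DROP in a user-defined chain; the script below emits that ruleset and then tallies what the LOG rule caught per source /24, so the pattern the post asks about can be read off the logs. It is an added example, not code from the post or from the ipset project; the set name testhash comes from the post, while the chain name LOGDROP, the log prefix and the sample kernel log lines are assumed or constructed here.

```shell
#!/bin/sh
# Added example: log-then-drop for ipset members with a single set lookup,
# plus a tally of logged hits. Chain name, prefix and sample log lines are
# assumptions; the set name "testhash" is the one used in the post.
SET_NAME=${SET_NAME:-testhash}
CHAIN=${CHAIN:-LOGDROP}
PREFIX=${PREFIX:-"SET-DROP: "}

# Emit the iptables commands instead of running them so they can be reviewed
# first (pipe the output to sh to apply). The nethash is searched only in the
# jump rule; LOG and DROP then run inside the user chain without a second
# lookup. The limit match keeps a flood from filling the log.
emit_rules() {
    printf 'iptables -N %s\n' "$CHAIN"
    printf 'iptables -A %s -m limit --limit 10/min -j LOG --log-prefix "%s"\n' "$CHAIN" "$PREFIX"
    printf 'iptables -A %s -j DROP\n' "$CHAIN"
    printf 'iptables -I INPUT -m set --set %s src -j %s\n' "$SET_NAME" "$CHAIN"
}

# Count logged hits per source /24, most frequent first. Reads kernel log
# lines on stdin, e.g.: grep -F "$PREFIX" /var/log/kern.log | summarise_hits
summarise_hits() {
    grep -F "$PREFIX" \
        | sed -n 's/.*SRC=\([0-9]*\.[0-9]*\.[0-9]*\)\.[0-9]*.*/\1.0\/24/p' \
        | sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# Constructed sample log lines (documentation addresses), for a dry run.
SAMPLE_LOG='Apr 21 19:24:14 gw kernel: SET-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=4455 DPT=25
Apr 21 19:24:15 gw kernel: SET-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 PROTO=TCP SPT=4456 DPT=25
Apr 21 19:24:16 gw kernel: SET-DROP: IN=eth0 OUT= SRC=198.51.100.3 DST=192.0.2.1 PROTO=TCP SPT=4457 DPT=25
Apr 21 19:24:17 gw kernel: unrelated: IN=eth0 OUT= SRC=10.0.0.1 DST=192.0.2.1 PROTO=UDP DPT=53'

if [ "${1:-}" = "demo" ]; then
    emit_rules
    printf '%s\n' "$SAMPLE_LOG" | summarise_hits
fi
```

Newer iptables releases spell the set match option --match-set; --set is the form the post uses.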