Thanks! Now I have logging back. Is there any way to not log the MAC
address of the offending IP address?
-BA
----- Original Message -----
From: "Derek Glidden" <dglidden@illusionary.com>
To: <slug@nks.net>
Sent: Monday, July 02, 2001 10:59 AM
Subject: Re: [SLUG] iptables packet drop logging
> "Brian S. Armstrong" wrote:
> >
> > Is there any way to get iptables to log the DROP packets to
> > /var/log/messages the same way iptables does with the DENY packets?
>
> iptables -A FORWARD -p tcp -p 25 -j LOG --log-prefix "DROP: "
> --log-level info
> iptables -A FORWARD -p tcp -p 25 -j DROP
>
> just make sure you match the same set of parameters for both your LOG
> and DROP rules and you accomplish what you're looking for. It looks
> redundant but is more flexible than the old "-l" option.
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> #!/usr/bin/perl -w
> $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
> {$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
> $t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
> [$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
> "",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
> unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
> >>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
> 8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
> print+x"C*",@a}';s/x/pack+/g;eval
>
> usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \
> | extract_mpeg2 | mpeg2dec -
>
> http://www.eff.org/ http://www.opendvd.org/
> http://www.cs.cmu.edu/~dst/DeCSS/Gallery/
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:18:37 EDT