On Mon, Jul 02, 2001 at 06:57:05PM -0400, Brian S. Armstrong wrote:
> Thanks! Now I have logging back. Is there any way to not log the MAC
> address of the offending IP address?
macs are only logged in the INPUT chain; the OUTPUT and FORWARD chains
don't log them.
the MAC=[...] is actually two mac addresses sandwiched together. the
first one is the mac address of the interface the packet rode in on,
and the second address is the mac of the last hop's sending interface.
the only way i know of to get rid of the MAC= once and for all is to
head for the source.
/usr/src/linux/net/ipv4/netfilter/ipt_LOG.c:
it starts on line 288 and ends on line 300 in kernel 2.4.5
> From: "Derek Glidden" <dglidden@illusionary.com>
> > "Brian S. Armstrong" wrote:
> > >
> > > Is there any way to get iptables to log the DROP packets to
> > > /var/log/messages the same way iptables does with the DENY packets?
> >
> > iptables -A FORWARD -p tcp --dport 25 -j LOG --log-prefix "DROP: " \
> >     --log-level info
> > iptables -A FORWARD -p tcp --dport 25 -j DROP
> >
> > just make sure you match the same set of parameters for both your LOG
> > and DROP rules and you accomplish what you're looking for. It looks
> > redundant but is more flexible than the old "-l" option.
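
An added example, not part of the original thread: a shell filter that removes the MAC= field from LOG lines after they are written, plus a helper that splits the field into the two addresses described above. The sample line, its addresses and the function names are constructed for illustration; treating the bytes after the twelfth as the EtherType is an assumption about Ethernet framing that the thread does not state.

```shell
#!/bin/sh
# Constructed sample in the general shape of an iptables LOG line (not from the thread).
SAMPLE='Jul  2 19:01:12 fw kernel: DROP: IN=eth0 OUT= MAC=00:50:56:aa:bb:01:00:50:56:aa:bb:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=25'

# Filter: remove the MAC= field from every line on stdin, leaving the rest intact.
# Also handles an empty "MAC= " field and lines that carry no MAC field at all.
strip_mac() {
    sed 's/ MAC=[0-9A-Fa-f:]* / /'
}

# Split the MAC= value of one log line (passed as $1) into its parts.
split_mac() {
    mac=$(printf '%s\n' "$1" | sed -n 's/.* MAC=\([0-9A-Fa-f:]*\) .*/\1/p')
    [ -n "$mac" ] || { echo "no MAC field"; return 1; }
    # Bytes 1-6: MAC of the interface the packet arrived on.
    in_if=$(printf '%s\n' "$mac" | cut -d: -f1-6)
    # Bytes 7-12: MAC of the last hop's sending interface.
    last_hop=$(printf '%s\n' "$mac" | cut -d: -f7-12)
    # Assumption: whatever follows byte 12 is the EtherType (08:00 = IPv4).
    rest=$(printf '%s\n' "$mac" | cut -d: -f13-)
    echo "in_if=$in_if last_hop=$last_hop rest=$rest"
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | strip_mac
split_mac "$SAMPLE"
```

Running `strip_mac` over a copy of the log before it is shared or archived keeps the kernel source untouched while still keeping hardware addresses out of the distributed copy.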
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:23:28 EDT