Here is a GREAT iptables website that will tell you how to.

http://www.boingworld.com/workshops/linux/iptables-tutorial/iptables-tutorial.html

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of sixx
Sent: Saturday, April 13, 2002 3:14 PM
To: [EMAIL PROTECTED]
Subject: iptables Logging

Hi there,

Was wondering if there's a way to log unknown ports/traffic while not logging the known ports? I've tried the following and none of it works. Can anyone give me a correct solution?

-A INPUT -i eth0 -p tcp -m tcp ! --sport 22 --tcp-flags FIN,SYN,ACK -j LOG
-A INPUT -i eth0 -p tcp -m tcp ! --sport 110 --tcp-flags FIN,SYN,ACK -j LOG
-A INPUT -i eth0 -p tcp -m tcp ! --sport 80 --tcp-flags FIN,SYN,ACK -j LOG

or using chains

-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,ACK -j NORMPORTS
-N NORMPORTS
-A NORMPORTS -p tcp -m tcp ! --sport 22 -j LOG
-A NORMPORTS -p tcp -m tcp ! --sport 110 -j LOG
-A NORMPORTS -p tcp -m tcp ! --sport 80 -j LOG

I also found out that multiport doesn't work with the negate "!", e.g.

-A INPUT -i eth0 -p tcp -m multiport ! --sports 22,80,110 --tcp-flags FIN,SYN,ACK -j LOG

It accepts the "!", but when you do an iptables -L or iptables-save you'll find that the negate "!" is missing.

I know why it doesn't work, but I've got no clue as to how to get it working. Any ideas?

The above equates to the logical expression

if (port != 22 || port != 110 || port != 80) { log; }

but what I'm looking for would be

if (port != 22 && port != 80 && port != 110) { log; }

Now how do I solve this using only iptables, and not by filtering the logs with regex?

best regards,
sixx

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
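
One way to get the AND behaviour asked about above, as an added example that is not part of the original thread: a user-defined chain that RETURNs on each known source port and logs whatever is left. The chain name LOGUNKNOWN, the log prefix and the function name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore fragment that
# logs TCP packets arriving on an interface unless their source port is in a
# known list. LOGUNKNOWN and the log prefix are names made up for this example.
#
# Why it works: LOG is non-terminating, so separate "! --sport N -j LOG" rules
# are all evaluated and together behave as an OR. One RETURN rule per known
# port leaves the chain early; only packets matching none of them (the AND of
# all the negations) reach the final LOG rule.

emit_log_unknown() {
    iface=$1
    [ "$#" -ge 2 ] || return 2
    shift

    # The values are pasted into rule text, so accept only plain interface
    # names ("+" is the iptables wildcard suffix) ...
    case $iface in
        ''|*[!A-Za-z0-9_.+-]*) return 2 ;;
    esac
    # ... and decimal port numbers in 1..65535 without leading zeros.
    for port in "$@"; do
        case $port in
            ''|0*|*[!0-9]*) return 2 ;;
        esac
        [ "$port" -le 65535 ] || return 2
    done

    echo '*filter'
    echo ':LOGUNKNOWN - [0:0]'
    echo "-A INPUT -i $iface -p tcp -j LOGUNKNOWN"
    for port in "$@"; do
        echo "-A LOGUNKNOWN -p tcp -m tcp --sport $port -j RETURN"
    done
    echo '-A LOGUNKNOWN -j LOG --log-prefix "unknown-tcp: "'
    echo 'COMMIT'
}

# Review the output, then load it without flushing the existing rules:
#   emit_log_unknown eth0 22 80 110 | iptables-restore --noflush
```

The jump into LOGUNKNOWN is appended to INPUT, so it only sees packets that no earlier INPUT rule has already accepted or dropped.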