NTP, ntpdate, and ISP-based firewall

Don Levey fedora-list at the-leveys.us
Thu Mar 4 21:27:16 UTC 2004


fedora-list-admin at redhat.com wrote:

> No, there is no difference between REJECT and DROP in that issue. To
> log REJECTs and DROPs (I dislike DROP much) you have to set up proper
> logging rules with iptables. As an example you might log events with
> something like:
> 
> iptables -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags
> FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 10/min -j LOG
> --log-prefix "NMAP-XMAS SCAN: " --log-level 7 --log-tcp-options
> --log-ip-options
> 

And just as I was looking into how to log events...
Two quick questions:
1) Since placement matters, should I put this at the beginning of my iptables file, or at the end?
2) Is that all one line, or four (as above)?

 -Don
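
Added example, not part of the original post: a small Python check for the placement question above. Because LOG is a non-terminating target, a LOG rule only fires if it sits before the DROP or REJECT rule that matches the same packets; the sample rulesets (the quoted rule written as one line, as an iptables-save style file expects) and the function names are constructed for illustration.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # LOG is not: the packet goes on to the next rule

# Constructed rulesets in iptables-save format (one rule per line); not from the post.
XMAS = "-i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG"
LOG_OPTS = ('-m limit --limit 10/min -j LOG --log-prefix "NMAP-XMAS SCAN: " '
            "--log-level 7 --log-tcp-options --log-ip-options")
LOG_LAST = f"*filter\n-A INPUT {XMAS} -j DROP\n-A INPUT {XMAS} {LOG_OPTS}\nCOMMIT\n"
LOG_FIRST = f"*filter\n-A INPUT {XMAS} {LOG_OPTS}\n-A INPUT {XMAS} -j DROP\nCOMMIT\n"


def parse_rule(line):
    """Return (chain, set of (option, args...) match conditions, target) for a '-A' line."""
    tokens = shlex.split(line)  # keeps the quoted --log-prefix as a single token
    jump = tokens.index("-j")
    conditions, current = set(), None
    for tok in tokens[2:jump]:
        if tok.startswith("-"):
            if current:
                conditions.add(tuple(current))
            current = [tok]
        elif current:
            current.append(tok)
    if current:
        conditions.add(tuple(current))
    return tokens[1], conditions, tokens[jump + 1]


def unreachable_log_rules(ruleset):
    """Line numbers of LOG rules placed after a terminating rule matching the same packets.

    Simplification: an earlier rule covers a later one when its conditions are a subset
    of the later rule's; negated ('!') matches and user-defined chains are not modelled.
    """
    seen, hits = [], []  # seen: (chain, conditions) of earlier terminating rules
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        if not line.startswith("-A ") or " -j " not in line:
            continue
        chain, conds, target = parse_rule(line)
        if target == "LOG" and any(c == chain and prev <= conds for c, prev in seen):
            hits.append(lineno)
        elif target in TERMINATING:
            seen.append((chain, conds))
    return hits
```
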
