how can i combine these 2 iprules
Bevan C. Bennett
bevan at fulcrummicro.com
Fri Mar 5 18:46:25 UTC 2004
Technical wrote:
> -A RH-Firewall-1-INPUT ! -s cnnp1.com -j LOG --log-prefix "IPTABLES: "
> -A RH-Firewall-1-INPUT ! -s cnnp2.com -j LOG --log-prefix "IPTABLES: "
This is potentially trickier than one might think (especially since
using the rules uncombined should result in logging most packets twice,
which I presume isn't what you want).
How do these rules fit in your general iptables config? (Are you logging
all packets? accepted packets? rejected packets?)
Also, are the IP addresses of cnnp1 and cnnp2 close to each other?
I think the only way to make this work correctly (presuming you can't
collect the two hosts into a single VLSM specification) is to use
multiple rulesets.
For example...
-A RH-Firewall-1-INPUT -s cnnp1.com -j NON-LOGGING
-A RH-Firewall-1-INPUT -s cnnp2.com -j NON-LOGGING
-A RH-Firewall-1-INPUT -j LOG --log-prefix "IPTABLES: "
-A RH-Firewall-1-INPUT -j NON-LOGGING
Then put all your 'normal' rules into NON-LOGGING...