Archives
Archives
| From: | Adam Carter <adamcarter3@×××××.com> | ||
|---|---|---|---|
| To: | "gentoo-user@l.g.o" <gentoo-user@l.g.o> | ||
| Subject: | Re: [gentoo-user] IPTABLES syntax change? | ||
| Date: | Mon, 31 Dec 2012 02:57:03 | ||
| Message-Id: | CAC=wYCHdXE-fStSijw67urLgwyJCUEUYzFnioR+i+HKpRGArSA@mail.gmail.com | ||
| In Reply to: | Re: [gentoo-user] IPTABLES syntax change? by Michael Orlitzky |
||
| 1 | > > 2) Does a "-j LOG" return to the chain it was called from, or does it do |
| 2 | > > an implicit DROP? |
| 3 | > > |
| 4 | > |
| 5 | > It returns to spot where it was called from. |
| 6 | > |
| 7 | > |
| 8 | Yep, so you could create a new chain to drop and log; |
| 9 | /sbin/iptables -N logdrop |
| 10 | /sbin/iptables -A logdrop -j LOG --log-prefix 'DROP ' |
| 11 | /sbin/iptables -A logdrop -j DROP |
| 12 | |
| 13 | Then call that one |
| 14 | /sbin/iptables -A tcp_packets -p TCP --dport 80 -j ACCEPT |
| 15 | /sbin/iptables -A tcp_packets -p TCP -j logdrop |