
List:       ipchains-list
Subject:    Re: ipchains -l
From:       raf <raf () raf ! org>
Date:       2001-10-14 1:30:24

Karl Dahlke wrote:

> I'm currently migrating my firewall from 2.2 to 2.4 - from ipchains to iptables.
> Is it really true that in iptables,
> you have to write the rule twice,
> once to log it and once to activate the target?
> That's what the man page indicates.
> That's how the program seems to act.
> But I can't believe it is this inconvenient!
> Don't they have a simple -l flag like ipchains
> that logs the rule and then does the -j?
> 
> Karl Dahlke

correct but you presumably only need to do that for the packets
that you don't accept so you should only need the -l rule once
or at most in a few places.

if you think this is inconvenient, consider the benefit of
being able to limit the number of log messages that netfilter
generates. this feature prevents logging from becoming a self
inflicted dos whenever you are port scanned.

raf
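
The idiom the reply describes, as an added example that is not part of the original message: a user-defined chain holds one rate-limited LOG rule followed by DROP, so every other rule only needs a single jump to it. The chain name LOGDROP, the rate, burst, log prefix and the SSH accept rule are assumptions chosen for illustration; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: log-then-drop with rate-limited logging in iptables.
# Dry run by default: IPT is "echo iptables", so commands are printed,
# not applied (the printed form loses shell quoting).
# Set IPT=iptables and run as root to load the rules.
IPT="${IPT:-echo iptables}"

# Constructed values (assumptions, not taken from the thread).
LOG_RATE="${LOG_RATE:-5/minute}"   # sustained log lines allowed
LOG_BURST="${LOG_BURST:-10}"       # initial burst before limiting starts
LOG_PREFIX="${LOG_PREFIX:-fw-drop: }"

build_logdrop() {
    # One chain holds the LOG + DROP pair, so it is written only once.
    $IPT -N LOGDROP
    # LOG is a non-terminating target: a packet that matches is logged
    # and then falls through to the next rule. The limit match applies
    # to this rule only, so a port scan cannot flood syslog.
    $IPT -A LOGDROP -m limit --limit "$LOG_RATE" --limit-burst "$LOG_BURST" \
         -j LOG --log-level info --log-prefix "$LOG_PREFIX"
    # Every packet is dropped, whether or not it was logged.
    $IPT -A LOGDROP -j DROP
}

build_input() {
    # Accepted traffic is never logged, so it needs no second rule.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
    # Everything else takes the single jump that both logs and drops.
    $IPT -A INPUT -j LOGDROP
}

build_logdrop
build_input
```
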
