List: ipchains-list
Subject: Re: ipchains -l
From: raf <raf () raf ! org>
Date: 2001-10-14 1:30:24
Karl Dahlke wrote:
> I'm currently migrating my firewall from 2.2 to 2.4 - from ipchains to iptables.
> Is it really true that in iptables,
> you have to write the rule twice,
> once to log it and once to activate the target?
> That's what the man page indicates.
> That's how the program seems to act.
> But I can't believe it is this inconvenient!
> Don't they have a simple -l flag like ipchains
> that logs the rule and then does the -j?
>
> Karl Dahlke
correct but you presumably only need to do that for the packets
that you don't accept so you should only need the -l rule once
or at most in a few places.
if you think this is inconvenient, consider the benefit of
being able to limit the number of log messages that netfilter
generates. this feature prevents logging from becoming a
self-inflicted DoS whenever you are port scanned.
raf
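
The log-then-drop pair and the log rate limit discussed in this thread, as an added example that is not part of the original messages: the pair is written once in a user-defined chain, and every other rule jumps to that chain. The chain name LOGDROP, the rate, burst, prefix and ports are constructed sample values; the function only prints the commands, so they can be reviewed and then piped to `sh` as root.

```shell
#!/bin/sh
# Added example. Chain name, rate, burst, prefix and ports are sample values.

# logdrop_rules CHAIN RATE BURST PREFIX
# Prints the iptables commands for a rate-limited log-then-drop chain.
logdrop_rules() {
    chain=$1; rate=$2; burst=$3; prefix=$4
    n=${rate%%/*}; unit=${rate#*/}

    case $chain in
        ''|*[!A-Za-z0-9_-]*) echo "bad chain name: $chain" >&2; return 1 ;;
    esac
    # The limit match accepts N/second, N/minute, N/hour or N/day.
    case $n in
        ''|0|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;;
    esac
    case $unit in
        second|minute|hour|day) ;;
        *) echo "bad rate: $rate" >&2; return 1 ;;
    esac
    case $burst in
        ''|0|*[!0-9]*) echo "bad burst: $burst" >&2; return 1 ;;
    esac
    # --log-prefix holds at most 29 characters; a quote would break the output.
    [ "${#prefix}" -le 29 ] || { echo "prefix too long" >&2; return 1; }
    case $prefix in
        *\'*) echo "prefix contains a quote" >&2; return 1 ;;
    esac

    printf "iptables -N %s\n" "$chain"
    # LOG is a non-terminating target: after logging, traversal continues
    # with the next rule. Packets over the limit skip this rule unlogged.
    printf "iptables -A %s -m limit --limit %s --limit-burst %s -j LOG --log-prefix '%s'\n" \
        "$chain" "$rate" "$burst" "$prefix"
    # Every packet sent to the chain is dropped, logged or not.
    printf "iptables -A %s -j DROP\n" "$chain"
}

# The pair is defined once...
logdrop_rules LOGDROP 5/minute 10 'fw-drop: '
# ...and each rule that should log and drop is a single line again.
echo "iptables -A INPUT -p tcp --dport 23 -j LOGDROP"
echo "iptables -A INPUT -p udp --dport 161 -j LOGDROP"
```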