Re: iptables frontend

From: "Michael Schwendt" <ms-nospam-0306@xxxxxxxx>
>  On Sun, 21 Dec 2003 03:09:27 -0800, jdow wrote:
>
> > {^_-}   <- Uses a fully organically grown firewall. (And REALLY wishes
> >         iptables log reports were graceful enough to include a notation
> >         denoting WHICH rule was triggered into logging a report.)
>
> You have the freedom to enhance your LOG rules with such info,
> e.g. using --log-prefix "foo".
 
This is true - at the cost of doubling the number of rules for every
rule that gets logged. A simple "-j drip-and-log-it" rule that logs
then drops a packet cannot have a per rule "--log-prefix". So I have
to clutter the rule sets with double the number of rules for those I
log. Pooey on that. NetFilter IPTables were mal-designed in this regard.
It is another of those things that is infuriatingly good. That is to say
it is nearly perfect with a major glaring huge flaw.

{^_^}
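
An added example, not part of the original message or thread: a small shell wrapper that expands one rule specification into the LOG rule with its own `--log-prefix` plus the matching DROP rule, so the doubled rules discussed above are generated rather than written by hand. The names `log_and_drop`, `ipt`, `IPT` and `DRY_RUN` are hypothetical, the sample rule is constructed, and the script only prints commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: generate a LOG + DROP rule pair from one rule spec so that
# every logged drop carries a tag naming the rule that fired.
# log_and_drop, ipt, IPT and DRY_RUN are hypothetical names for this sketch.

IPT=${IPT:-iptables}
DRY_RUN=${DRY_RUN:-1}        # safe default: print the commands, change nothing

# ipt ARGS...: run iptables, or print the command line in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s' "$IPT"
        for a in "$@"; do
            case $a in
                # quote anything that is not a plain word (e.g. the prefix)
                *[!A-Za-z0-9_./:=,+-]*) printf " '%s'" "$a" ;;
                *) printf ' %s' "$a" ;;
            esac
        done
        printf '\n'
    else
        "$IPT" "$@"
    fi
}

# log_and_drop CHAIN TAG MATCH-ARGS...
# Appends two rules with identical match arguments: LOG first, then DROP.
log_and_drop() {
    chain=$1; tag=$2; shift 2
    prefix="DROP[$tag] "
    # iptables accepts at most 29 characters for --log-prefix
    if [ "${#prefix}" -gt 29 ]; then
        echo "log_and_drop: prefix for tag '$tag' exceeds 29 characters" >&2
        return 1
    fi
    ipt -A "$chain" "$@" -j LOG --log-prefix "$prefix" || return 1
    ipt -A "$chain" "$@" -j DROP
}

# Constructed sample rule: log and drop inbound telnet.
log_and_drop INPUT telnet -p tcp --dport 23
```

The kernel log line for a packet matching this rule then begins with `DROP[telnet] `, which identifies the rule pair that produced it.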
