RE: NTP, ntpdate, and ISP-based firewall


 



fedora-list-admin@xxxxxxxxxx wrote:

> No, there is no difference between REJECT and DROP in that issue. To
> log REJECTs and DROPs (I dislike DROP much) you have to set up proper
> logging rules with iptables. As an example you might log events with
> something like:
> 
> iptables -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags
> FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 10/min -j LOG
> --log-prefix "NMAP-XMAS SCAN: " --log-level 7 --log-tcp-options
> --log-ip-options
> 

And just as I was looking into how to log events...
Two quick questions:
1) Since placement matters, should I put this at the beginning of my iptables file, or at the end?
2) Is that all one line, or four (as above)?

 -Don
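An added example, not part of either message above: the quoted rule written as one command with backslash continuations, followed by a DROP rule (an assumption, the thread does not show one) to illustrate why the LOG rule has to come first. `IPT`, `XMAS`, `add_xmas_rules` and `log_precedes_drop` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. The names below are hypothetical and
# the final DROP rule is an assumption used to show rule ordering.

IPT=${IPT:-iptables}   # set IPT=echo to print the commands instead of running them

# The match from the quoted rule, kept in one place so both rules agree.
XMAS='-i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG'

add_xmas_rules() {
    # One command: a trailing backslash joins the next line to this one.
    # $XMAS is deliberately unquoted so it splits into separate arguments.
    $IPT -A INPUT $XMAS \
        -m limit --limit 10/min \
        -j LOG --log-prefix "NMAP-XMAS SCAN: " --log-level 7 \
        --log-tcp-options --log-ip-options
    # LOG does not end rule traversal, so the packet reaches this rule next.
    # If the DROP were appended first, the LOG rule would never match.
    $IPT -A INPUT $XMAS -j DROP
}

# Read iptables-save style text on stdin and succeed only if the first XMAS
# LOG rule in INPUT appears before the first XMAS DROP/REJECT rule.
log_precedes_drop() {
    awk '
        /^-A INPUT / && /--tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG/ {
            if (/-j LOG/ && !log_at) log_at = NR
            if (/-j (DROP|REJECT)/ && !drop_at) drop_at = NR
        }
        END { exit !(log_at && (!drop_at || log_at < drop_at)) }
    '
}
```

Running `IPT=echo` before calling `add_xmas_rules` prints the two rules without touching the firewall, and that output can be piped into `log_precedes_drop`.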



