On Wed, 07 Dec 2005 12:34:23 -0600, Gregory P. Ennis wrote:

> List,
>
> I am working on some iptables nat forwarding logic and need to be able
> to log failures into my /var/log/message file in a RH 8.0 system. I am
> using a FC4 system for a gateway firewall and iptables seems to log
> error packets there automatically. Is there a way to do this on RH 8.0
> as well?
>
> Sorry to ask a RH question on this list, but I thought there would be
> someone here that would know.
>
> Thanks,
>
> Greg Ennis

Suppose you have some rule that you want to log, say

    /sbin/iptables -A INPUT ... -j DROP

Then you create an identical rule to the one above, except that you replace
the target -j DROP with -j LOG --log-prefix "SOMETHING TO GREP FOR". So not
only do you log, but you specify some string as well, specific to that rule,
that you could easily grep for in /var/log/messages.

For instance, to log all NEW tcp packets on the privileged (low numbered)
ports, you would do this:

    /sbin/iptables -A INPUT -p tcp -m tcp --dport 0:1023 -m state --state NEW -j LOG --log-prefix "LOW PORT TCP CONNECTION: "

Here you probably don't want to have a matching -j DROP rule, because you
may want to allow mail, http, etc.

Be careful what you log though, because it may fill up your log files. For
instance, you don't want to log an entire ftp transfer, usually the first
packet (--state NEW) will do.
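An added shell example, not from the original thread: it prints (rather than applies) a LOG rule paired with its DROP twin, and then greps a constructed sample of /var/log/messages by the chosen prefix. The sample log lines, the rate cap via the iptables "limit" match, and the FORWARD rule used for the demo are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Prints (does not apply) a
# LOG rule paired with its DROP twin, then greps a constructed sample of
# /var/log/messages by the chosen prefix. Assumptions: the iptables "limit"
# match is available, and kernel LOG lines reach /var/log/messages via syslog.

IPTABLES=/sbin/iptables

# log_and_drop CHAIN PREFIX MATCH... -> two iptables commands on stdout.
# The LOG rule is rate-limited so a flood cannot fill the log file;
# the DROP rule carries the identical match so both see the same packets.
log_and_drop() {
    chain=$1; prefix=$2; shift 2
    echo "$IPTABLES -A $chain $* -m limit --limit 5/min -j LOG --log-prefix \"$prefix: \""
    echo "$IPTABLES -A $chain $* -j DROP"
}

# count_prefix PREFIX FILE -> how many logged packets carry PREFIX.
count_prefix() {
    grep -c -- "$1" "$2" || true
}

# top_sources PREFIX FILE -> "count SRC" lines, most frequent source first.
top_sources() {
    grep -- "$1" "$2" | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' | sort | uniq -c | sort -rn
}

# Constructed sample of what syslog writes for the rules above
# (addresses are from documentation ranges, not real hosts).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Dec  7 12:34:23 gw kernel: LOW PORT TCP CONNECTION: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=60 PROTO=TCP SPT=40123 DPT=22 SYN
Dec  7 12:34:25 gw kernel: LOW PORT TCP CONNECTION: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=60 PROTO=TCP SPT=40124 DPT=80 SYN
Dec  7 12:34:31 gw kernel: LOW PORT TCP CONNECTION: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=60 PROTO=TCP SPT=51000 DPT=25 SYN
Dec  7 12:35:02 gw kernel: NAT FORWARD DROP: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.0.0.5 LEN=52 PROTO=TCP SPT=51001 DPT=445 SYN
Dec  7 12:35:10 gw sshd[1234]: Accepted publickey for greg from 192.0.2.10
EOF

# Stand-alone run: show a rule pair, then the report for one prefix.
log_and_drop FORWARD "NAT FORWARD DROP" -p tcp --dport 445 -m state --state NEW
count_prefix "LOW PORT TCP CONNECTION" "$SAMPLE_LOG"
top_sources "LOW PORT TCP CONNECTION" "$SAMPLE_LOG"
```

The printed commands can be reviewed and then pasted in as root; the grep helpers work unchanged against the real /var/log/messages.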