On Wed, 2007-06-20 at 07:42 -0700, ann kok wrote: > Can iptables have log and deny rule together? > if no. how can I make a deny rule and log rule Yes, it can. Do the logging before the denying. After the denying, there's nothing happening to log. If you had any logging afterwards, you'd be proving that the deny didn't work. -- (This box runs Centos 5.0, my others still run FC 4, 5, 6, & 7, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
