Mike Wohlgemuth wrote:
Here's what I do:
-N LOGDROP
-A LOGDROP -j LOG --log-prefix "$IPTABLES drop:"
-A LOGDROP -j DROP
Then you can add lines for the things you want logged like this:
-A INPUT -s www.xxx.yyy.zzz/aa -j LOGDROP

Now that works great (I removed the $ from it.) The only, small,
issue is that I'd like some kind of identifier when it logs, instead of
just saying 'IPTABLES drop:'. Is there a way of saying something like,
'all these IP ranges belong to .ru domains' and then when it logs the
packet, to have the prefix say 'IPTABLES drop .ru: '? And do the same
for other ranges that are defined (at the moment they have .ru, .hk,
.cn, etc., etc. blocked.)
Or do I have to create individual chains for each one, and change
the prefix on each?
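
Added example, not part of either poster's message: the LOG target takes its prefix per rule (at most 29 characters), so each distinct prefix needs its own LOG rule, and the sketch below generates one LOGDROP-style chain per label in the same rule notation as the quoted lines. The `LOGDROP_<LABEL>` chain names, the `gen_logdrop_rules` helper and the sample ranges (RFC 5737 documentation networks) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample input, one "<label> <cidr>" pair per line.
SAMPLE_RANGES='ru 192.0.2.0/24
ru 198.51.100.0/25
hk 203.0.113.0/24'

# gen_logdrop_rules (hypothetical helper): read "label cidr" pairs on stdin
# and print one log-and-drop chain per label plus the INPUT jumps into them.
gen_logdrop_rules() {
    awk '
    NF != 2 { next }                      # skip blank or malformed lines
    {
        label = $1; cidr = $2
        prefix = "IPTABLES drop ." label ": "
        # The LOG target rejects prefixes longer than 29 characters.
        if (length(prefix) > 29) {
            print "label too long for --log-prefix: " label > "/dev/stderr"
            bad = 1; exit
        }
        chain = "LOGDROP_" toupper(label)
        if (!(chain in seen)) {           # declare each chain only once
            seen[chain] = 1
            order[++n] = chain
            pfx[chain] = prefix
        }
        jumps[++m] = "-A INPUT -s " cidr " -j " chain
    }
    END {
        if (bad) exit 1                   # emit nothing on invalid input
        for (i = 1; i <= n; i++) {
            c = order[i]
            print "-N " c
            print "-A " c " -j LOG --log-prefix \"" pfx[c] "\""
            print "-A " c " -j DROP"
        }
        for (j = 1; j <= m; j++) print jumps[j]
    }'
}

# Print the generated rules for the constructed sample.
printf '%s\n' "$SAMPLE_RANGES" | gen_logdrop_rules
```

Adding a range to an existing label then costs one extra `-A INPUT` line, while a new label adds three chain lines.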