On Thu, 2008-01-24 at 17:15 -0800, Bob Kinney wrote:
> I still haven't got my brain around the whole iptables configuration, but right
> off I notice that there are no directives to actually log anything. Being a
> rookie, I like to keep things as stock as possible (so as not to blow up the
> GUI config program), so where would you put the LOG directive in this setup?

There is, and it's called LOG.

  man iptables
  /LOG

(Slash followed by a keyword being a way to search for that keyword.)

Here's an example iptables command line involving logging:

  iptables --append INPUT --jump LOG --protocol icmp --in-interface ppp+ --icmp-type destination-unreachable --log-prefix "firewall-ICMP-unreachable: "

The actual logging, in this case, ends up in /var/log/messages. I'm logging a
particular type of thing. I've prefixed the log entry with some keywords I'll
search for in the log files, later on. You don't have to include a prefix.

I use the long form of parameters (--append instead of -a), as I remember them
better, and it's more apparent what things mean in examples. You don't have to
use them. The short and long versions, as you find in the man file, are
equivalent (unless it says otherwise).

-- 
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
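Added example, not part of the original message: a shell helper that searches a log for the --log-prefix used above and counts entries per source address and ICMP code. The function names and the sample lines are constructed for illustration; the field layout assumes the kernel's usual LOG output, where an ICMP error also carries the offending packet's header in brackets.

```shell
#!/bin/sh
# Added example: count firewall log entries carrying a given --log-prefix.
# summarize_fw_log and sample_log are hypothetical helper names.

# Constructed sample lines in the style the LOG target writes via syslog.
sample_log() {
cat <<'EOF'
Jan 24 17:20:01 gw kernel: firewall-ICMP-unreachable: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=88 TOS=0x00 PREC=0x00 TTL=54 ID=1001 PROTO=ICMP TYPE=3 CODE=3 [SRC=198.51.100.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 PROTO=UDP SPT=40000 DPT=53 LEN=40 ]
Jan 24 17:20:05 gw kernel: firewall-ICMP-unreachable: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=88 TOS=0x00 PREC=0x00 TTL=54 ID=1002 PROTO=ICMP TYPE=3 CODE=3 [SRC=198.51.100.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4243 PROTO=UDP SPT=40001 DPT=53 LEN=40 ]
Jan 24 17:21:10 gw kernel: firewall-ICMP-unreachable: IN=ppp0 OUT= MAC= SRC=198.51.100.77 DST=198.51.100.5 LEN=56 TOS=0x00 PREC=0x00 TTL=60 ID=1003 PROTO=ICMP TYPE=3 CODE=1 [SRC=198.51.100.5 DST=203.0.113.9 LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=77 PROTO=TCP SPT=40002 DPT=25 ]
Jan 24 17:21:30 gw kernel: firewall-other: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=5555 DPT=23
Jan 24 17:22:00 gw sshd[2211]: Accepted publickey for admin from 192.0.2.50 port 51000 ssh2
EOF
}

# summarize_fw_log PREFIX [FILE]
# Prints "<count> <source> code=<icmp code>", busiest first.
# FILE defaults to /var/log/messages; "-" reads standard input.
summarize_fw_log() {
    prefix=$1
    file=${2:-/var/log/messages}
    awk -v prefix="$prefix" '
        index($0, prefix) {
            # Keep only the text after the prefix.
            rest = substr($0, index($0, prefix) + length(prefix))
            # Drop the bracketed header of the packet that triggered the
            # ICMP error, so its SRC= is not mistaken for the sender.
            sub(/\[.*$/, "", rest)
            src = ""; code = ""
            n = split(rest, f, " ")
            for (i = 1; i <= n; i++) {
                if (f[i] ~ /^SRC=/)  src  = substr(f[i], 5)
                if (f[i] ~ /^CODE=/) code = substr(f[i], 6)
            }
            if (src != "") count[src " code=" code]++
        }
        END { for (k in count) print count[k], k }
    ' "$file" | sort -k1,1nr -k2
}

# Demo on the constructed sample.
sample_log | summarize_fw_log "firewall-ICMP-unreachable: " -
```

Called with only the prefix, the function reads /var/log/messages, which normally requires root.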