2011/4/1 Flavio A. Reis <reis.falexandre@gmail.com>:
> Hello,
> Friends, can you log everything that iptables is blocking, without logging
> the ACCEPT rules?
> Example:
> My Firewall has only opened the ports (80, 443, 53).
> Can you log all other connection attempts?
> Thanks
> att
Sure.
- Set the default policy for INPUT to DROP
- Create a rule to ACCEPT 80,443,53
- Append a logging rule (if the packets end up here, they will be dropped);
maybe with the prefix "DROP:"
- Change the logrotate rules (you will get a lot of log entries).
Greetings,
Björn
--
Archive: http://lists.debian.org/AANLkTinuz0QCMx2FMJH+2LCadnWC_dn2QG+gtbLsXU7B@mail.gmail.com
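
The first three steps of the reply above, written out as an iptables-restore ruleset. This is an added example, not part of the original thread. The loopback and established-connection accepts, DNS on both UDP and TCP, the rate limit on the LOG rule, and the function names gen_rules and check_order are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): build the ruleset and check rule order.

# gen_rules [tcp_ports] [dns_port] [log_prefix]
# Prints an iptables-restore ruleset to stdout; nothing is loaded here.
gen_rules() {
    tcp_ports=${1:-80,443}
    dns_port=${2:-53}
    prefix=${3:-DROP: }
    # iptables accepts a --log-prefix of at most 29 characters.
    if [ "${#prefix}" -gt 29 ]; then
        echo "log prefix longer than 29 characters" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports ${tcp_ports} -j ACCEPT
-A INPUT -p udp --dport ${dns_port} -j ACCEPT
-A INPUT -p tcp --dport ${dns_port} -j ACCEPT
-A INPUT -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix "${prefix}" --log-level 4
COMMIT
EOF
}

# check_order: reads a ruleset on stdin and succeeds only if a LOG rule
# exists in INPUT and no other INPUT rule follows it. LOG is non-terminating,
# so packets that reach it fall through to the DROP policy; an ACCEPT placed
# after it would make the "DROP: " lines misleading.
check_order() {
    awk '/^-A INPUT / && / -j LOG / { seen = 1; next }
         /^-A INPUT / && seen      { bad = 1 }
         END { exit (seen && !bad) ? 0 : 1 }'
}
```

To apply it, pipe the output into iptables-restore as root, for example after running it through check_order. The logrotate step depends on which file the local syslog daemon writes kernel messages to, so it is not shown.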