[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [NETVAERK] IPTABLES til 4netkort



Hej Per

Et trick, som jeg selv har haft megen glæde af under indkørsel af
iptables, er at bruge log-faciliteten. Jeg har lavet en lille kæde, der
hedder LogAndDrop:

#
# Create the log-and-drop chain
#
$iptables -N LogAndDrop
$iptables -A LogAndDrop -j LOG --log-prefix 'kernel: '
$iptables -A LogAndDrop -j DROP
#

Alle de steder, hvor jeg gerne vil se, hvorfor en pakke bliver droppet,
retter jeg så -j DROP til -j LogAndDrop. Samtidig bruger jeg 'tail -f'
på systemloggen - /var/log/messages i mit tilfælde.

En enkelt kommentar til dine regler: Jeg har fundet ud af, at det i
mange situationer er en rigtig dårlig ide at sætte default policy til
DROP. Hvorfor? Jo, i det øjeblik, man bruger -F-kommandoen (som ikke
ændere på default policy) på en kæde, er der kun default policy tilbage
og når den siger 'drop' så kommer der i hvert fald ikke noget igennem.
Jeg bruger selv at sætte en eksplicit DROP-regel sidst i mine kæder.

Forresten, så kan du bruge -X-komandoen til at slette alle dine egne
kæder i ét hug, så behøver du ikke at sige -F til hver enkelt kæde.

Jeg håber du får det til at virke. Husk KISS-princippet.

Mvh  Bent


 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2006-09-01, 02:01 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *