Re: [fwAnalog] fwanalog sample report

From: Balázs Bárány (
Date: Mon Aug 19 2002 - 23:58:50 CEST


You have to change your block rules so that they log the log prefix.

Don't use spaces in your log prefixes except at the end, like in my examples below.

iptables -A badhosts $log_limit -j LOG --log-prefix 'badhost '

iptables -A spoofed -i $iface_inet -s $address -j LOG --log-prefix 'spoofed_src_in '

iptables -A nmap -p tcp --tcp-flags SYN,RST SYN,RST $log_limit -j LOG --log-prefix 'nmap_syn/rst_scan '

iptables -A INPUT -i $iface_inet $log_limit -j LOG --log-prefix 'unspecified_in '


Balázs Bárány       ICQ 10747763

A good engineer will make considerable effort to avoid additional effort.

This archive was generated by hypermail 2.1.4 : Tue Aug 20 2002 - 00:02:03 CEST