Re: [fwAnalog] fwanalog sample report

From: William Wong (willwong~AT~corefusion.com)
Date: Tue Aug 20 2002 - 02:52:39 CEST



Ah very cool. Thanks.

> Hi,
>
> * William Wong <willwong~AT~corefusion.com> [2002-08-19 22:49]:
> > I noticed there's a log prefix report style. I'm running a default
> > Redhat 7.3 config with newest fwanalog and I'm wondering why that report
>
> You have to change your block rules so that they log the log prefix.
>
> Don't use spaces in your log prefixes except at the end, like in my
> examples below.
>
> iptables -A badhosts $log_limit -j LOG --log-prefix 'badhost '
>
> iptables -A spoofed -i $iface_inet -s $address -j LOG --log-prefix 'spoofed_src_in '
>
> iptables -A nmap -p tcp --tcp-flags SYN,RST SYN,RST $log_limit -j LOG --log-prefix 'nmap_syn/rst_scan '
>
> iptables -A INPUT -i $iface_inet $log_limit -j LOG --log-prefix 'unspecified_in '
>
> Regards
> --
> _________________________________________________________________________
> Balázs Bárány balazs~AT~tud.at http://tud.at ICQ 10747763
>
> A good engineer will make considerable effort to avoid additional effort.
>
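Added example, not part of the original messages and not fwanalog's own code: a Python check that pulls the log prefix out of kernel log lines and flags prefixes that break the rule quoted above. The LOG target prints the prefix verbatim directly in front of `IN=`; the sample lines are constructed, and the function names and the idea that a report treats the prefix as one whitespace-free token are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG layout (documentation addresses).
SAMPLE_LOG = """\
Aug 19 22:41:07 fw kernel: badhost IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40112 DPT=22
Aug 19 22:41:09 fw kernel: badhost IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP SPT=40113 DPT=22
Aug 19 22:42:30 fw kernel: nmap_syn/rst_scan IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=80
Aug 19 22:42:31 fw kernel: bad host IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 PROTO=TCP SPT=40114 DPT=25
Aug 19 22:42:40 fw kernel: spoofed_src_inIN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP SPT=53 DPT=53
Aug 19 22:42:41 fw kernel: IN=eth0 OUT= SRC=192.0.2.13 DST=198.51.100.5 PROTO=TCP SPT=40115 DPT=23
Aug 19 22:43:00 fw kernel: eth0: link up
"""

# The LOG target prints the prefix verbatim, immediately followed by "IN=".
LOG_LINE = re.compile(r"kernel: (?P<prefix>.*?)IN=\S* OUT=")


def check_prefix(raw):
    """Classify the raw text found between 'kernel: ' and 'IN='."""
    if raw == "":
        return "no prefix"
    if not raw.endswith(" "):
        return "missing trailing space"  # prefix runs into IN=
    if " " in raw.rstrip(" "):
        return "space inside prefix"     # splits into several tokens
    return "ok"


def report(log_text):
    """Return (hits per well-formed prefix, list of (raw prefix, problem))."""
    hits, problems = Counter(), []
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if m is None:
            continue  # not a packet log line
        raw = m.group("prefix")
        verdict = check_prefix(raw)
        if verdict == "ok":
            hits[raw.rstrip(" ")] += 1
        else:
            problems.append((raw, verdict))
    return hits, problems


if __name__ == "__main__":
    hits, problems = report(SAMPLE_LOG)
    print(dict(hits))
    print(problems)
```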



This archive was generated by hypermail 2.1.4 : Tue Aug 20 2002 - 03:02:04 CEST