Robert Spangler on 31 Jan 2011 11:16:27 -0800 |
Re: [PLUG] iptables question |
On Monday 31 January 2011 12:38, Julien Vehent wrote:

> In addition to David's rule, I would add that a default DROP policy is
> not very practical because you cannot log what you drop.
> Instead, you should consider adding a DROP rule at the end of your
> ruleset (thus applied to everything that isn't accepted by the preceding
> rules) containing a jump to a custom chain that logs before dropping
> packets. Such as:

I have to disagree with logging every dropped packet. Here is why.

While logging is a good thing, too much logging is a nightmare, for the simple reason that you fill up your logs with information that is useless, and going over the logs becomes a task because you have too much useless information in them. What do you care if someone is trying to log into port(s) you don't have open?

The only thing I have in my DROPLOG chain that logs are ports that I have opened. If they are dropped I want to know about them, not the ports I have closed.

Now if you are looking to block everyone who is scanning your system, then you need to log everything because you need to know about ports that are not open.

--
Regards
Robert

Linux The adventure of a lifetime.
Linux User #296285 Get Counted http://counter.li.org/
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
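The two positions in this thread side by side, as an added example that is not part of the original post and not anyone's ruleset from the list: a final jump to a chain that logs and then drops (what Julien describes), and the narrower variant where only refused connections to ports the host actually serves go through that chain while probes of closed ports are dropped silently (what Robert describes). The chain name DROPLOG comes from the post; the served ports (22, 80, 443), the admin network 192.0.2.0/24 and the function names are assumptions made for the example. The script prints the iptables commands by default so it can be read and checked without root; set IPT=iptables and run it as root to apply the rules.

```shell
#!/bin/sh
# Added example; not the ruleset from the original thread.
#   log_everything_dropped : every packet not accepted above lands in DROPLOG
#   log_only_open_ports    : only refused traffic to served ports is logged;
#                            closed ports are dropped without a log line
# Dry run by default: IPT expands to "echo iptables". Run as root with
# IPT=iptables to apply for real.
IPT="${IPT:-echo iptables}"

# Ports this host serves and the network allowed to reach them.
# Both are hypothetical values chosen for the example.
OPEN_PORTS="22 80 443"
ADMIN_NET="192.0.2.0/24"

# Shared LOG-then-DROP chain. The limit match caps log volume so that a
# scan cannot flood the log, which is the cost Robert objects to.
setup_droplog_chain() {
    $IPT -N DROPLOG 2>/dev/null || true
    $IPT -F DROPLOG
    $IPT -A DROPLOG -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "DROPLOG: " --log-level 4
    $IPT -A DROPLOG -j DROP
}

# Rules both variants share: keep the kernel policy as a safety net, then
# accept loopback, established traffic and the served ports from ADMIN_NET.
common_accepts() {
    $IPT -P INPUT DROP
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in $OPEN_PORTS; do
        $IPT -A INPUT -p tcp --dport "$p" -s "$ADMIN_NET" -j ACCEPT
    done
}

# Variant 1: a catch-all jump at the end, so closed-port probes are logged too.
log_everything_dropped() {
    setup_droplog_chain
    common_accepts
    $IPT -A INPUT -j DROPLOG
}

# Variant 2: only connections refused on a served port (here: from outside
# ADMIN_NET) are logged; everything else is dropped by a plain DROP rule.
log_only_open_ports() {
    setup_droplog_chain
    common_accepts
    for p in $OPEN_PORTS; do
        $IPT -A INPUT -p tcp --dport "$p" -j DROPLOG
    done
    $IPT -A INPUT -j DROP
}

# Usage: sh droplog.sh all|open   (defaults to "open", printed as a dry run)
case "${1:-open}" in
    all)  log_everything_dropped ;;
    open) log_only_open_ports ;;
esac
```

Because rules are matched top to bottom, the order in the second variant is what makes it selective: ACCEPT rules for the admin network come first, the per-port jumps to DROPLOG catch what those did not accept, and the final unconditional DROP swallows everything else without touching the log.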