Robert Spangler on 31 Jan 2011 11:16:27 -0800

Re: [PLUG] iptables question

On Monday 31 January 2011 12:38, Julien Vehent wrote:

>  In addition to David's rule, I would add that a default DROP policy is
>  not very practical because you cannot log what you drop.
>  Instead, you should consider adding a DROP rule at the end of your
>  ruleset (thus applied to everything that isn't accepted by the preceding
>  rules) containing a jump to a custom chain that logs before dropping
>  packets. Such as:

I have to disagree with logging every dropped packet.  Here is why.

While logging is a good thing, too much logging is a nightmare.  For the simple 
reason you fill up your logs with information that is useless and going over 
the logs is a task because you have too much useless information in them.  
What do you care if someone is trying to log into port(s) you don't have 

The only thing I have in my DROPLOG chain, that logs, are ports that I have 
opened.  If they are dropped I want to know about them, not the ports I have 

Now if you are looking to block everyone who is scanning your system then you 
need to log everything because you need to know about ports that are not 
