search for: logssh

...simply adding a ''#'' to lines for logging that was not desired. One could apply a similar idea to dropped packets. I also looked at some ideas using user defined variables (params), but they do not seem to be allowed for the ACTION field. The idea would be to create a variable, LOGssh for example. I would then write a rule $LOGssh eth0 fw tcp ssh If I wanted logging, I would set LOGssh="ACCEPT:debug:string"; if not, I would set LOGssh=ACCEPT. Anyway, if you have any thoughts or opinions on these comments, I would be interested. Thanks Bert