On Wed, 21 May 2003 16:50:49 +0800, <Ed.Greshko@greshko.com> wrote:
> This is just FYI....or FWIW...
>
> Unless I am missing something it would seem that it may not be as easy to
> achieve full integration with fireparse as suggested.
>
> Changing the LOGMARKER parameter to "fp=" produces log entries like:
>
> May 21 15:19:53 gangster kernel: fp=net2all:DROP:IN=eth1 OUT=
> MAC=00:60:97:b8:68:88:00:a0:c5:16:de:27:08:00 SRC=61.59.129.145
> DST=61.13.250.41 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=53062 DF PROTO=TCP
> SPT=37963 DPT=1234 WINDOW=5808 RES=0x00 SYN URGP=0
>
> This doesn't quite match the pattern expected by fireparse...
>
> From the fireparse README
>
> iptables -A In_New -i ppp+ -p tcp --dport 0:1023 -m state --state
> NEW,INVALID -m limit --limit 1/s -j LOG --log-prefix "fp=In_New:1 a=DROP "
>
> ^1 ^2 ^3 ^4
>
> Where 1, 2, 3, and 4 have a specific meaning/format.
>
Ok -- I'll change the documentation to avoid mention of fireparse.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
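
The prefix mismatch discussed in this thread, as an added example that is not part of either message or of the Shorewall or fireparse code: a small classifier that tells the two `fp=` prefix shapes apart and extracts the packet fields. Both regular expressions are inferred only from the two lines quoted above, the meaning of each prefix field is an assumption, and the sample log lines are constructed.

```python
import re

# Shape of the fireparse README prefix quoted above: fp=<chain>:<number> a=<action><space>
# (what fireparse does with each field is an assumption of this sketch).
FIREPARSE = re.compile(r"\bfp=(?P<chain>[^:\s]+):(?P<rule>\d+) a=(?P<action>\S+) ")
# Shape of the Shorewall entry quoted above with LOGMARKER "fp=": fp=<chain>:<disposition>:
SHOREWALL = re.compile(r"\bfp=(?P<chain>[^:\s]+):(?P<action>[A-Za-z]+):(?=IN=)")
# Netfilter LOG packet fields are KEY=value pairs; the value may be empty (OUT=).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines (documentation addresses, hypothetical host name "gw").
SHOREWALL_LINE = ("May 21 15:19:53 gw kernel: fp=net2all:DROP:IN=eth1 OUT= "
                  "SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=37963 DPT=1234")
FIREPARSE_LINE = ("May 21 15:19:53 gw kernel: fp=In_New:1 a=DROP IN=ppp0 OUT= "
                  "SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=37963 DPT=80")


def classify(line):
    """Return (style, prefix_fields, packet_fields) for one kernel log line."""
    for style, pattern in (("fireparse", FIREPARSE), ("shorewall", SHOREWALL)):
        match = pattern.search(line)
        if match:
            # Everything after the prefix is the standard packet description.
            packet = dict(FIELD.findall(line[match.end():]))
            return style, match.groupdict(), packet
    return "unknown", {}, {}


if __name__ == "__main__":
    for sample in (SHOREWALL_LINE, FIREPARSE_LINE):
        style, prefix, packet = classify(sample)
        print(style, prefix, packet.get("SRC"), packet.get("DPT"))
```

The Shorewall-style line carries no rule number and no `a=` key, so a parser that expects the README shape finds nothing to match in it.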