Hi, I think this have likely been already answered, but I cant find ... I would like to log (with the rigth burst/limit) the packets accepted from the net to my network (lan-dmz-fw). I want to be sure that I will trace all sources/destinations involved. My install is based upon the three interfaces sample setup, and of course customized. How to ? Thanks -- guy
On Thu, 2003-10-30 at 13:37, Guy Marcenac wrote:> Hi, > > I think this have likely been already answered, but I cant find ... > I would like to log (with the rigth burst/limit) the packets accepted from > the net to my network (lan-dmz-fw). I want to be sure that I will trace all > sources/destinations involved. > My install is based upon the three interfaces sample setup, and of course > customized. > > How to ? >Add ":" and a log level after the ACCEPT in your ACCEPT rules. If any of the traffic that you want logged is covered by an ACCEPT policy, just add a log level to that policy. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
On Thu, 2003-10-30 at 14:21, Tom Eastep wrote:> On Thu, 2003-10-30 at 13:37, Guy Marcenac wrote: > > Hi, > > > > I think this have likely been already answered, but I cant find ... > > I would like to log (with the rigth burst/limit) the packets accepted from > > the net to my network (lan-dmz-fw). I want to be sure that I will trace all > > sources/destinations involved. > > My install is based upon the three interfaces sample setup, and of course > > customized. > > > > How to ? > > > > Add ":" and a log level after the ACCEPT in your ACCEPT rules. > > If any of the traffic that you want logged is covered by an ACCEPT > policy, just add a log level to that policy.Note that this only logs accepted connection requests and not every packet. Netfilter logging facilities are generally not suitable for auditing every packet passing through a firewall. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net