[Dshield] One More Nitwit's IPTable Question :-(

Nels Lindquist nlindq at maei.ca
Thu Oct 30 23:15:38 GMT 2003


On 30 Oct 2003 at 17:24, David C. Hart wrote:

> Am I to assume that those using IPTables to report data to DShield are
> reporting their LAN interface IP as the destination IP (in contrast to
> the host IP)? If not, I'll need to revisit my drawing board this
> weekend.

You can set up iptables to log anything.  Through use of the 
"--log-prefix" option, you can label different logs to differentiate 
them in your logfile.  By configuring the DShield client with the 
appropriate regexp, you can then constrain which logs are actually 
reported.

Ideally, you should only report those packets blocked by your 
firewall which are destined for a routeable IP address.

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.




More information about the list mailing list