Re: ipchains logs and nmap audit



On  0, Ira Abramov <lists-linux-il@ira.scso.com> wrote:
> On Sat, 22 Jan 2000, Subba Rao wrote:
> 
> > 
> > I have several ipchain rules. One of them is:
> > 
> > ipchains -A input -i ppp0 -p TCP --destination-port 21 -l -j DENY
> > 
> > Why are these ipchains not doing any logging?  I do have the -l option
> 
> from what you described it doesn't drop the packet either. look if you
> didn't allow it in a previous rule.
> 
> on the whole, I recommend to set the policy to deny then open just what
> you need.
> 
> http://scso.com/linux/firewall.init.html
> 

I agree with you regarding the "deny first and then open as needed" policy.
My concern is the logging. Why is my own self audit not getting logged?
The audit is being performed on the IP address of the ppp0 interface.

PS - I will further tweak my rules. You have a good structured firewall script.

Subba Rao
subb3@attglobal.net
http://pws.prserv.net/truemax/

 => Time is relative. Here is a new way to look at time. <=
http://www.smcinnovations.com
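A small model of the first-match behaviour Ira describes, added here as an illustration (it is not code from either poster and ipchains itself is not run). It walks an input chain the way ipchains does: the first rule that matches decides, so a `-l` rule sitting behind an earlier ACCEPT never logs, and a scan of the box's own ppp0 address launched from the same box arrives on `lo`, where an `-i ppp0` rule cannot match at all. Chain contents, packets and the `walk_chain` helper are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    iface: Optional[str]      # -i ; None matches any interface
    proto: Optional[str]      # -p ; None matches any protocol
    dport: Optional[int]      # --destination-port ; None matches any port
    target: str               # -j ACCEPT / DENY / REJECT
    log: bool = False         # -l


@dataclass
class Packet:
    iface: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.iface is None or rule.iface == pkt.iface)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def walk_chain(chain: List[Rule], policy: str, pkt: Packet) -> Tuple[str, bool]:
    """ipchains semantics: the first matching rule decides; otherwise the
    chain policy applies. Returns (verdict, whether the packet was logged)."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target, rule.log
    return policy, False


# The poster's rule: ipchains -A input -i ppp0 -p TCP --destination-port 21 -l -j DENY
FTP_DENY_LOG = Rule("ppp0", "TCP", 21, "DENY", log=True)

# Constructed "leaky" chain: a blanket ACCEPT was appended before the logging rule,
# so packets to port 21 on ppp0 are accepted silently and the -l rule never fires.
LEAKY_CHAIN = [Rule(None, None, None, "ACCEPT"), FTP_DENY_LOG]

# Constructed "deny first, then open what you need" chain with a DENY policy.
# Loopback is allowed so local services keep working; the ppp0 rule then logs.
TIGHT_CHAIN = [Rule("lo", None, None, "ACCEPT"), FTP_DENY_LOG]

# Constructed probes: a remote FTP probe on ppp0, and the same probe sent by the
# host to its own ppp0 address, which the kernel delivers over lo, not ppp0.
REMOTE_FTP_PROBE = Packet("ppp0", "TCP", 21)
SELF_FTP_PROBE = Packet("lo", "TCP", 21)
```

Running the remote probe through `LEAKY_CHAIN` returns `("ACCEPT", False)`, through `TIGHT_CHAIN` with policy `"DENY"` it returns `("DENY", True)`, while the self-probe on `lo` is accepted unlogged in both cases because no `-i ppp0` rule sees it.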
