Yes, you always need 2 different rules. However, you can create a new chain (eg log-and-drop) that contains those 2 rules, and have your regular chains jump there if needed.
Code:
iptables -N log-and-drop # create new chain
iptables -A log-and-drop -j LOG --log-prefix 'SWAMP-THING ' --log-level 4 # log, then fall through
iptables -A log-and-drop -j DROP # drop (lowercase -j)
iptables -A INPUT -s 10.1.1.115 -j log-and-drop
You might also want to limit the number of log messages by using the (aptly named) limit module (described here), lest someone DoS' your server by filling the log file.
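The log-and-drop chain above, rate-limited with the limit match and emitted in iptables-save format so it can be loaded with `iptables-apply -t 30 FILE` (the tool whose man page is reproduced further down this page). This is an added example, not code from the reply; the chain name, log prefix, rate/burst values and source addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the forum reply: build an iptables-restore
# style ruleset containing a rate-limited log-and-drop chain. Chain name,
# log prefix, rate/burst and source addresses are constructed placeholders;
# the file produced is what `iptables-apply -t 30 FILE` would load and,
# if the operator cannot confirm in time, roll back.

# gen_log_and_drop_ruleset CHAIN PREFIX RATE BURST SRC...
# Prints a *filter table in iptables-save format that creates CHAIN,
# logs (at most RATE, burst BURST) then drops, and sends INPUT traffic
# from each SRC through CHAIN.
gen_log_and_drop_ruleset() {
    chain=$1; prefix=$2; rate=$3; burst=$4
    shift 4
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' ":$chain - [0:0]"
    for src in "$@"; do
        printf '%s\n' "-A INPUT -s $src -j $chain"
    done
    # The limit match caps how many packets reach LOG, so a flood of matching
    # packets cannot fill the log file; packets over the limit skip LOG and
    # are still dropped by the next rule.
    printf '%s\n' "-A $chain -m limit --limit $rate --limit-burst $burst -j LOG --log-prefix \"$prefix \" --log-level 4"
    printf '%s\n' "-A $chain -j DROP"
    printf '%s\n' 'COMMIT'
}

# count_chain_rules CHAIN RULESET: number of rules appended to CHAIN.
count_chain_rules() {
    printf '%s\n' "$2" | grep -c "^-A $1 "
}

# write_ruleset FILE CHAIN PREFIX RATE BURST SRC...: save the ruleset to FILE
# and print its path, ready for iptables-apply.
write_ruleset() {
    file=$1; shift
    gen_log_and_drop_ruleset "$@" > "$file" && printf '%s\n' "$file"
}

# Usage (as root):
#   write_ruleset /tmp/log-and-drop.v4 log-and-drop SWAMP-THING 5/min 10 10.1.1.115
#   iptables-apply -t 30 /tmp/log-and-drop.v4
```

If the new ruleset locks you out, iptables-apply restores the previous one after the timeout, which is why the rules are written to a file instead of being typed in one by one.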
Hi,
I need to redirect internal internet requests to an auth client site sitting on the gateway. Currently, users that are authenticated to access the internet have their MAC address listed in the FORWARD chain. All other users need to be redirected to an internal site for authentication.
Can... (1 Reply)
Hello,
I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).
Basically, if an IP is sending more than 5 length 20 UDP packets a second to the local machine, I would like the machine to drop the excess... (1 Reply)
Hello, excuse my English. Could you please tell me how I can translate this iptables syntax to ipfw?
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -m recent
--set --name thor --rdest -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m state --state
ESTABLISHED -m recent... (0 Replies)
I would like to copy data flow (not redirect!!!) from 1567 port
to another port, 1194, on the same computer. Port 1567 is already bound by the Scream program (it is busy). Is it possible to do this with iptables, or is another program necessary? Can you help me resolve this question? (1 Reply)
Hi,
Can someone help to explain what is --to-source in
the iptables rule below:
iptables -t nat -A POSTROUTING -s 192.168.1.100 -o eth0 \
-j SNAT --to-source 97.158.253.26
especially why the option has double dash (--)
is it a comment?
Thanks (1 Reply)
I am looking for an iptables command to allow incoming UDP packets for my Linux server
also is there a command I can use to set the default action for outgoing packets to accept?
Thank you (1 Reply)
I want to SSH to 192.168.1.15 Server from my machine, my ip was 192.168.1.99
Source Destination was UP, with IP 192.168.1.15.
This is a LAN network; there are 30 machines connected to the network and working fine. I'm playing around on the local machines because I need to apply the same rules in... (2 Replies)
Discussion started by: babinlonston
iptables-apply
iptables-apply(8) System Manager's Manual iptables-apply(8)
NAME
iptables-apply - a safer way to update iptables remotely
SYNOPSIS
iptables-apply [-hV] [-t timeout] ruleset-file
DESCRIPTION
iptables-apply will try to apply a new ruleset (as output by iptables-save/read by iptables-restore) to iptables, then prompt the user
whether the changes are okay. If the new ruleset cuts the existing connection, the user will not be able to answer affirmatively. In this
case, the script rolls back to the previous ruleset after the timeout expires. The timeout can be set with -t.
When called as ip6tables-apply, the script will use ip6tables-save/-restore instead.
OPTIONS
-t seconds, --timeout seconds
Sets the timeout after which the script will roll back to the previous ruleset.
-h, --help
Display usage information.
-V, --version
Display version information.
SEE ALSO
iptables-restore(8), iptables-save(8), iptables(8).
LEGALESE
iptables-apply is copyright by Martin F. Krafft.
This manual page was written by Martin F. Krafft <madduck@madduck.net>
Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2.0.
2006-06-04 iptables-apply(8)