iptables: log and drop
Linux has a sophisticated firewall built right into the kernel: it's called iptables. I'm pretty sure you've heard of it.
You can do really crazy things with iptables.
But here I just want to note how to log and drop a packet with a single rule.
Usually, you would probably do something like this:
This works perfectly, but it dramatically clutters your rule table, especially if you want to log and drop packets that match a complicated filter: every filter has to be written twice, so you end up with twice as many table entries as needed.
The trick is to instead create a new chain that logs and then drops, in sequence:
So here I created a new chain called
We can now append (-A) two new rules to that chain, which do the actual logging and dropping (the same as the first code above, just not for the INPUT chain but for the new chain):
That’s basically it!
If you now need to log and drop a packet, you can append a new rule to e.g. the INPUT chain that routes the packet to the new chain, so the filter is written only once.
You should also consider limiting the number of log entries per unit of time, so that repeated hits on the same rule don't flood your logs.
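The whole procedure above (create the chain, append the LOG and DROP rules, then route matching traffic from INPUT into it) together with the rate limit mentioned here, as an added shell example that is not the post's own listing. The chain name LOGDROP, the log prefix, the limit of 5 entries per minute with a burst of 10, and the sample filter (new TCP connections to port 23) are all assumptions chosen for this example; the post's actual chain name is not shown here.

```shell
#!/bin/sh
# Added example (not from the original post): one dedicated chain that logs
# and then drops, so each filter is written once instead of twice.
# Assumptions: chain name LOGDROP, log prefix "iptables-drop: ", rate limit
# 5 entries/minute with burst 10. Set IPT=echo to print the commands instead
# of applying them (applying needs root and a kernel with netfilter).
set -eu

IPT="${IPT:-iptables}"
CHAIN="${CHAIN:-LOGDROP}"

# Create the chain and its two rules. Order matters: LOG is a non-terminating
# target, so the packet continues to the DROP rule right after it.
# The limit match throttles the LOG rule only; DROP still applies to every packet.
setup_log_drop() {
    $IPT -N "$CHAIN"
    $IPT -A "$CHAIN" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "iptables-drop: " --log-level 4
    $IPT -A "$CHAIN" -j DROP
}

# Route packets matching a filter from INPUT into the chain.
# "$@" is the match expression, e.g.: log_drop -p tcp --dport 23
log_drop() {
    $IPT -A INPUT "$@" -j "$CHAIN"
}

# Remove the chain again. Rules in INPUT that jump to it must be deleted first,
# otherwise -X refuses to delete a chain that is still referenced.
teardown_log_drop() {
    $IPT -F "$CHAIN"
    $IPT -X "$CHAIN"
}

# Only touch the firewall when explicitly asked: ./logdrop.sh apply
if [ "${1:-}" = "apply" ]; then
    setup_log_drop
    log_drop -p tcp --dport 23 -m conntrack --ctstate NEW
fi
```

Run it as `IPT=echo sh logdrop.sh apply` first to review the exact commands it would issue; the log lines then show up in the kernel log (e.g. `dmesg` or `journalctl -k`) with the chosen prefix, which makes them easy to grep.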
For more documentation you should consult the manual of iptables.