Re: cleaning up my firewall script...

[Bjoern Schmidt <bj-schmidt@uni-paderborn.de>]

Mike Mestnik wrote:
> IIRC you can pass logs to any facility and level, even making up your own.  Then you add something
> like...
> # in /etc/syslog.conf
> myfacility.*      /var/log/netjunk.log

For this i can use the ULOG target, but you asked for the whole
packet...

> --- Bjoern Schmidt <bj-schmidt@uni-paderborn.de> wrote:
>
> > Mike Mestnik wrote:
> >
> > > That's surprising...
> > > It could be pkts from a non IP interface(maby your loopback?) or from a non IP protocol?  Even
> >
> > so
> >
> > > they should have been caught by your blank rule.  This would seam like a problem, one that
> >
> > could
> >
> > > be explotable.  See if you can catch the pkts in question with tcpdump or the like, that might
> >
> > be
> >
> > > helpfull.
> >
> >
> > Is there any netfilter target which redirects packets into one or more
> > files? An existing FILELOGGER target would be great:
> >
> > iptables -P INPUT -j FILELOGGER --d-folder /slippedpackets/
> >
> > Then i could change the chain policy to save these packets in an easier
> > way than using tcpdump...
> >
> > --
> > Greetings
> > Bjoern Schmidt
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Finance: Get your refund fast by filing online.
> http://taxes.yahoo.com/filing.html


--
Mit freundlichen Gruessen
Bjoern Schmidt