On Tue, Apr 10, 2001 at 05:48:41PM -0500, andy at theasis.com wrote:
> I'm running a 2.4.2 firewall box with IPtables, and would like to
> change some of the logging behavior, but don't find much help in the
> man pages...
>
> First, the default logfile is /var/log/messages. How do I configure
> it to dump all logs into, e.g., /var/log/firewall?

I believe you can choose the facility and the level of the log report.
Use that to filter your messages in your syslog.conf setup. If you want
to get fancy, use syslog-ng or a similarly enhanced logging daemon to
make use of regular expressions as well.

> Second, I'm getting regular periodic pings from a particular source
> to the firewall. How do I tell iptables skip logging on only pings
> from that source to the firewall (but log all others)?

Leave your original LOG rule in place, but place a DENY rule preceding
it to match the source IP address of the offending machine. If you
happen to have more than one of these annoying machines pinging you,
place them all in a separate chain and put a rule at the top of your
INPUT or FORWARD chains. They call these blacklists. ;-)

--
Chad Walstrom <chewie at wookimus.net> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD
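The layout suggested in the reply above, as an added example that is not part of the original post: a shell function that emits an iptables-restore ruleset with a separate chain for the noisy sources, placed ahead of the LOG rule. The chain name QUIET_PING, the "FW: " prefix, the debug level and the 192.0.2.x style addresses are assumptions, and DROP is used because that is the iptables target name for a silent deny.

```shell
#!/bin/sh
# Added example, not from the original thread.
# The LOG target writes through the kernel log; --log-level sets the
# priority, so a sysklogd syslog.conf line such as
#     kern.=debug    /var/log/firewall
# sends these entries (and any other kernel debug messages) to that file.

CHAIN=QUIET_PING   # assumed chain name

# Accept only dotted-quad IPv4 addresses with octets in 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# gen_rules SRC...  -> ruleset on stdout, in iptables-restore format
gen_rules() {
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        ":$CHAIN - [0:0]"
    # The jump goes first in INPUT so matched pings never reach LOG.
    printf '%s\n' "-A INPUT -j $CHAIN"
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "skipping invalid source: $src" >&2; continue; }
        # Only echo-request from this source is dropped; other traffic
        # from it returns to INPUT and is still logged.
        printf '%s\n' "-A $CHAIN -s $src -p icmp --icmp-type echo-request -j DROP"
    done
    printf '%s\n' '-A INPUT -j LOG --log-level debug --log-prefix "FW: "' 'COMMIT'
}
```

Review the output of `gen_rules 192.0.2.10` before loading it: by default iptables-restore replaces the whole filter table, so the generated lines need to be merged with the rules already in use.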