On Tue, Aug 19, 2008 at 5:04 PM, Kenneth Porter <[EMAIL PROTECTED]> wrote: > --On Tuesday, August 19, 2008 10:15 AM -0500 David Dyer-Bennet > <[EMAIL PROTECTED]> wrote: > >> That's the right general approach; duplicate the drop rule but with a LOG >> target and appropriate logging parameters. > > Another approach is to create a subchain that just logs and drops (no match > rules), and in your main chain you match on the desired packet and jump to > the subchain. That eliminates the need to maintain the same match in two > places, and reduces the number of rules a non-dropped packet has to pass > through. >
Could you post a sample, using the OP's example as a base? Thanks. mhr _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
