Thor wrote:
>Hi
>
>
>>I'm not sure I understand you correctly, but how about this:
>>
>>## 0 == LOG
>>## 1 == DROP
>>## 2 == LOG & DROP
>>LOGTCP=2;
>>if [ $LOGTCP -eq 0 ]; then
>> #Log forbidden TCP datagrams
>> iptables -A TCP --protocol tcp -m limit --limit 1/minute \
>> --limit-burst 4 -j LOG --log-level DEBUG --log-prefix 'Denied TCP: '
>>elif [ $LOGTCP -eq 1 ]; then
>> # Disallow NEW and INVALID incoming from the external interface
>> iptables -A TCP -i $EXTIFACE -m state --state NEW,INVALID -j DROP
>> # Drop all TCP
>> iptables -A TCP -j DROP
>>elif [ $LOGTCP -eq 2 ]; then
>> #Log forbidden TCP datagrams
>> iptables -A TCP --protocol tcp -m limit --limit 1/minute \
>> --limit-burst 4 -j LOG --log-level DEBUG --log-prefix 'Denied TCP: '
>> iptables -A TCP --protocol tcp -j DROP
>>fi
>>
>>- James
>>
>
>If the question is the above, then IMHO it is better to use the "case" statement
>
>case "$LOGTCP" in
> 0) #Log forbidden TCP datagrams
> iptables -A TCP --protocol tcp -m limit --limit 1/minute \
> --limit-burst 4 -j LOG --log-level DEBUG --log-prefix 'Denied TCP: ';
> ;;
> 1) # Disallow NEW and INVALID incoming from the external interface
> iptables -A TCP -i $EXTIFACE -m state --state NEW,INVALID -j DROP;
> # Drop all TCP
> iptables -A TCP -j DROP;
> ;;
> 2) #Log forbidden TCP datagrams
> iptables -A TCP --protocol tcp -m limit --limit 1/minute \
> --limit-burst 4 -j LOG --log-level DEBUG --log-prefix 'Denied TCP: ';
> iptables -A TCP --protocol tcp -j DROP;
> ;;
>esac
>
>
>
>
>---
>;---+---;
>bye |
>bye |hor
>
Thanks for both of your replies. I guess my initial message might not
have been too clear; I'm glad to see that you guys got the essential goal
that I was working towards.
Are there any books on bash scripting that any of you would recommend? I
have browsed through the Advanced BASH Scripting HOW-TO over at
Linuxdoc, but I'd rather have something on paper.
Thanks again,
Stef