Re: debug iptables rules

Hi,

My current iptables rules are:

cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Mon Aug 22 21:17:33 2011
*nat
:PREROUTING ACCEPT [493:28472]
:POSTROUTING ACCEPT [344:23920]
:OUTPUT ACCEPT [344:23920]
COMMIT
# Completed on Mon Aug 22 21:17:33 2011
# Generated by iptables-save v1.4.7 on Mon Aug 22 21:17:33 2011
*filter
:INPUT ACCEPT [12511:3538351]
:FORWARD ACCEPT [16:832]
:OUTPUT ACCEPT [11397:5249840]
COMMIT
# Completed on Mon Aug 22 21:17:33 2011
# Generated by iptables-save v1.4.7 on Mon Aug 22 21:17:33 2011
*mangle
:PREROUTING ACCEPT [92:12257]
:INPUT ACCEPT [3202:794108]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2909:931650]
:POSTROUTING ACCEPT [2909:931650]
:DIVERT - [0:0]
-A PREROUTING -d 10.10.10.30/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PREROUTING -j LOG
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT

Is this a correct use of the log options? I want to log everything for my
logs. I want to see what is happening with the socket match and what is
happening with the tproxy match options.

Please guide me on that. Is my use of the log rule valid or not?

Thanks,
Tej
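
An added example, not part of the original post: a small Python check that walks the mangle table quoted above and lists which earlier rules in the same chain end traversal before the LOG rule is reached. The function names and the TERMINATING set are assumptions of this sketch; TPROXY is treated as terminating because it issues its own verdict, and a jump to a user chain counts as terminating when that chain holds an unconditional terminating rule (a simplification that ignores RETURN).

```python
import shlex

# Constructed sample: the mangle table from the post, wrapped line rejoined.
RULESET = """\
*mangle
:PREROUTING ACCEPT [92:12257]
:DIVERT - [0:0]
-A PREROUTING -d 10.10.10.30/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PREROUTING -j LOG
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT
"""

# Targets that end traversal for a matching packet; LOG and MARK do not.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "TPROXY"}

def parse(text):
    """Return {chain: [(match_tokens, target), ...]} for one table's -A rules."""
    chains = {}
    for line in text.splitlines():
        if line.startswith("-A ") and " -j " in line:
            tok = shlex.split(line)
            j = tok.index("-j")
            chains.setdefault(tok[1], []).append((tok[2:j], tok[j + 1]))
    return chains

def terminates(chains, target, seen=()):
    """True if a packet sent to `target` never comes back to the calling chain."""
    if target in TERMINATING:
        return True
    if target not in chains or target in seen:
        return False
    # User chain: terminating if it has an unconditional terminating rule.
    return any(not match and terminates(chains, t, seen + (target,))
               for match, t in chains[target])

def shadowed_log_rules(text):
    """For each LOG rule: (chain, position, earlier rules whose matches skip it)."""
    chains, out = parse(text), []
    for chain, rules in chains.items():
        for i, (_, target) in enumerate(rules):
            if target == "LOG":
                hidden = [" ".join(m) + " -> " + t for m, t in rules[:i]
                          if terminates(chains, t)]
                out.append((chain, i + 1, hidden))
    return out
```

Calling shadowed_log_rules(RULESET) reports that the LOG rule at position 4 of PREROUTING comes after three terminating rules, so packets that hit the socket match or the TPROXY rule never reach it; to log those matches, a LOG rule with the same match options has to sit before the corresponding DIVERT or TPROXY rule.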