Hi,
My current iptables rules are:
cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Mon Aug 22 21:17:33 2011
*nat
:PREROUTING ACCEPT [493:28472]
:POSTROUTING ACCEPT [344:23920]
:OUTPUT ACCEPT [344:23920]
COMMIT
# Completed on Mon Aug 22 21:17:33 2011
# Generated by iptables-save v1.4.7 on Mon Aug 22 21:17:33 2011
*filter
:INPUT ACCEPT [12511:3538351]
:FORWARD ACCEPT [16:832]
:OUTPUT ACCEPT [11397:5249840]
COMMIT
# Completed on Mon Aug 22 21:17:33 2011
# Generated by iptables-save v1.4.7 on Mon Aug 22 21:17:33 2011
*mangle
:PREROUTING ACCEPT [92:12257]
:INPUT ACCEPT [3202:794108]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2909:931650]
:POSTROUTING ACCEPT [2909:931650]
:DIVERT - [0:0]
-A PREROUTING -d 10.10.10.30/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PREROUTING -j LOG
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT
Is this a correct use of the LOG option? I want to log everything for my logs.
I want to see what is happening with the socket match and what is happening
with the TPROXY match options.
Please guide me on that. Is my use of the LOG rule valid or not?
Thanks,
Tej
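
Added example, not part of the original post: the mangle table above in iptables-save format, with LOG rules placed where they can see the socket and TPROXY traffic. LOG is a non-terminating target, while ACCEPT and TPROXY end traversal, so a LOG rule at the end of PREROUTING only sees packets that none of the earlier rules matched. The log prefixes and the rate limit are constructed values chosen for illustration.

```iptables
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DIVERT - [0:0]
# ACCEPT ends traversal, so log the bypassed traffic with the same match first.
-A PREROUTING -d 10.10.10.30/32 -p tcp -m tcp --dport 80 -j LOG --log-prefix "bypass: "
-A PREROUTING -d 10.10.10.30/32 -p tcp -m tcp --dport 80 -j ACCEPT
# Packets that hit the socket match jump to DIVERT and are logged there.
-A PREROUTING -p tcp -m socket -j DIVERT
# TPROXY also ends traversal: log with the same match immediately before it.
-A PREROUTING -p tcp -m tcp --dport 80 -j LOG --log-prefix "tproxy: "
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
# Reached only by packets that none of the rules above matched.
-A PREROUTING -j LOG --log-prefix "unmatched: "
# The socket match hits every packet of an established flow, so rate-limit this log.
-A DIVERT -m limit --limit 10/min -j LOG --log-prefix "socket-divert: "
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT
```

The per-rule packet counters shown by `iptables -t mangle -L -n -v` give the same visibility without writing to the kernel log.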