[squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...
Antony Stone
Antony.Stone at squid.open.source.it
Wed Jul 19 09:31:32 UTC 2017
On Wednesday 19 July 2017 at 10:16:30, Walter H. wrote:
> I added these rules, and will see which packets are caught
>
> -A INPUT -m state --state INVALID -j LOG --log-prefix "IP[IN(invalid)]: " --log-level 7
> -A FORWARD -m state --state INVALID -j LOG --log-prefix "IP[FWD(invalid)]: " --log-level 7
> -A OUTPUT -m state --state INVALID -j LOG --log-prefix "IP[OUT(invalid)]: " --log-level 7
>
> and not by these after:
>
> -A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
> -A FORWARD -j LOG --log-prefix "IP[FWD]: " --log-level 7
> -A OUTPUT -j LOG --log-prefix "IP[OUT]: " --log-level 7
Note that any packets caught by the first rules will *also* be caught by the
second rules (since there is no DROP in between, and the second rule does not
exclude INVALID), so don't be surprised when you see log entries from both
rules for the same packet.
Antony.
--
Python is executable pseudocode.
Perl is executable line noise.
Please reply to the list;
please *don't* CC me.
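Added example, not part of the original message or of Squid/iptables: a Python sketch that collapses the double log entries described above into one record per packet, marking the packet INVALID if either entry carries the `(invalid)` prefix. The log lines are constructed in the usual kernel LOG-target layout, the function names are hypothetical, and treating chain plus SRC/DST/PROTO/SPT/DPT/ID as "the same packet" is an assumption (packets logged with the same ID in one flow would merge).

```python
import re

# Prefixes taken from the rules quoted in the message.
PREFIX_RE = re.compile(r'IP\[(IN|FWD|OUT)(\(invalid\))?\]: (.*)$')
# Assumption: chain plus these fields identify one packet within a short
# log window; this is a heuristic, not something the kernel guarantees.
KEY_FIELDS = ("SRC", "DST", "PROTO", "SPT", "DPT", "ID")

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jul 19 10:20:01 gw kernel: IP[IN(invalid)]: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=40 TTL=64 ID=4711 PROTO=TCP SPT=51234 DPT=3128 ACK RST
Jul 19 10:20:01 gw kernel: IP[IN]: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=40 TTL=64 ID=4711 PROTO=TCP SPT=51234 DPT=3128 ACK RST
Jul 19 10:20:02 gw kernel: IP[IN]: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 LEN=60 TTL=64 ID=812 PROTO=TCP SPT=40000 DPT=3128 SYN
Jul 19 10:20:03 gw kernel: IP[OUT(invalid)]: IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.30 LEN=40 TTL=64 ID=99 PROTO=TCP SPT=3128 DPT=50000 ACK FIN
Jul 19 10:20:03 gw kernel: IP[OUT]: IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.30 LEN=40 TTL=64 ID=99 PROTO=TCP SPT=3128 DPT=50000 ACK FIN
"""

def parse_line(line):
    """Return (chain, is_invalid, key), or None for lines without our prefix."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    chain, invalid, rest = m.groups()
    # KEY=VALUE tokens only; bare flags such as ACK or RST are skipped.
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    key = (chain,) + tuple(fields.get(f, "") for f in KEY_FIELDS)
    return chain, invalid is not None, key

def collapse(log_text):
    """One record per packet: invalid if either of its log entries says so."""
    packets = {}  # insertion-ordered, so records keep first-seen order
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        chain, is_invalid, key = parsed
        rec = packets.setdefault(
            key, {"chain": chain, "invalid": False, "entries": 0})
        rec["invalid"] = rec["invalid"] or is_invalid
        rec["entries"] += 1
    return list(packets.values())

if __name__ == "__main__":
    for rec in collapse(SAMPLE_LOG):
        print(rec)
```

A record with `entries` equal to 2 and `invalid` true is the double-logging case from the reply; a record with a single entry was matched only by the catch-all LOG rule.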