Re: [Nolug] iptables

From: krunk <krunkalot_at_hotpop.com>
Date: Thu, 27 May 2004 13:35:56 -0500
Message-Id: <B0D9DE9D-B00C-11D8-95E4-000A95B6BD3E@hotpop.com>

I found this, which makes the output much clearer:
http://logi.cc/linux/NetfilterLogAnalyzer.php3

But I still do not see where the chain is specified in the log.

On May 27, 2004, at 1:09 PM, Erik Kamerling wrote:

> You can use snort to do this using plugins from the /contrib directory.
> Yet this is considered dangerous in many ways since your own software
> could be used as a vector to DoS you.
>
> You can find out about it in section 5.6 and 5.7 of the snort FAQ.
> http://www.snort.org/docs/FAQ.txt
>
> Good luck.
>
> Erik
>
>
> On Thu, 2004-05-27 at 12:08, krunk wrote:
>> I'm attempting to create iptable rules given a log output, but I'm
>> having trouble finding any good documentation on the topic. I've tried
>> doing a direct translation myself, but being an iptable newbie haven't
>> been too successful.
>>
>> For example, here is a drop log from an attempted usenet connection
>> from one of my clients:
>>
>> May 27 10:57:40 tuxmac DROPl:IN=eth1 OUT=ppp0 SRC=$INTIP
>> DST=216.77.188.18 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=54700 DF
>> PROTO=TCP SPT=56485 DPT=119 WINDOW=65535 RES=0x00 SYN URGP=0
>>
>> My goal is to make an interactive program which will create exact,
>> meaningful rules from log entries.
>>
>> cheers,
>>
>> james
>>
>> ___________________
>> Nolug mailing list
>> nolug@nolug.org
>>

Received on 05/27/04
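The LOG target never writes the chain name; only a `--log-prefix` (the `DROPl:` in the quoted line) can carry it, and the IN/OUT pair is the next best clue. The following parser and rule generator is an added example, not code from the thread; the sample line is the quoted DROP entry with the sender's `$INTIP` placeholder replaced by a made-up RFC 1918 address, and the chain inference assumes the filter table.

```python
import re
from typing import Dict

# Constructed sample, based on the DROP line quoted in the thread; the
# sender's $INTIP placeholder is replaced with a made-up private address.
SAMPLE = ("May 27 10:57:40 tuxmac DROPl:IN=eth1 OUT=ppp0 SRC=192.168.1.10 "
          "DST=216.77.188.18 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=54700 DF "
          "PROTO=TCP SPT=56485 DPT=119 WINDOW=65535 RES=0x00 SYN URGP=0")


def parse_netfilter_log(line: str) -> Dict[str, str]:
    """Split a netfilter LOG line into its KEY=VALUE fields.

    Everything before 'IN=' is the syslog header plus the optional
    --log-prefix; the prefix is kept under 'PREFIX'.  Bare flag words
    (DF, SYN, ACK, ...) are recorded with an empty value.
    """
    head, sep, body = line.partition("IN=")
    if not sep:
        raise ValueError("not a netfilter LOG line: %r" % line)
    parts = head.split(None, 4)          # month day time host [prefix]
    fields = {"PREFIX": parts[4].strip() if len(parts) > 4 else ""}
    for tok in ("IN=" + body).split():
        key, eq, val = tok.partition("=")
        fields[key] = val                # flags end up as '' values
    return fields


def infer_chain(f: Dict[str, str]) -> str:
    """Heuristic for the filter table: IN and OUT both set means the packet
    was being forwarded, IN alone means it was addressed to this host, OUT
    alone means it was generated locally.  Only a log prefix is authoritative."""
    if f.get("IN") and f.get("OUT"):
        return "FORWARD"
    return "INPUT" if f.get("IN") else "OUTPUT"


def suggest_rule(f: Dict[str, str], target: str = "ACCEPT") -> str:
    """Build the most specific iptables rule that matches this log entry."""
    argv = ["iptables", "-A", infer_chain(f)]
    if f.get("IN"):
        argv += ["-i", f["IN"]]
    if f.get("OUT"):
        argv += ["-o", f["OUT"]]
    argv += ["-p", f["PROTO"].lower(), "-s", f["SRC"], "-d", f["DST"]]
    if f["PROTO"] in ("TCP", "UDP"):     # ICMP lines carry TYPE/CODE instead
        argv += ["--dport", f["DPT"]]
    return " ".join(argv + ["-j", target])


if __name__ == "__main__":
    print(suggest_rule(parse_netfilter_log(SAMPLE)))
```

Review the generated rule before loading it: the log only shows one packet, so a rule keyed on that exact source and destination may be narrower (or, with `-s` dropped, broader) than what you actually want to allow.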

This archive was generated by hypermail 2.2.0 : 12/19/08 EST