This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

wanted feature : rulenumber in the logs

Hi astaros,

some times before i have asked about the following feature :

is it possible to show the matching rule-number in the logs just like in checkpoint FW-1 ??

at the time i asked it you said yes we have noticed it and look for. But now whats about it ?
Question to all in the ubb am i the only one who wants this feature ????????

thanks
firebear

This thread was automatically locked due to age.

Parents

0 elcolonel over 22 years ago

i would like to have that feature too.
it would make debuggin the firewall-rules a lot easier.

just my 2 cents.
Cancel
Vote Up 0 Vote Down

Cancel
0 anonymous_02 over 22 years ago in reply to elcolonel

Hello firebear, elcolonel.

I am sorry, but printing the matching rule number in a log entry is not possible via iptables.

Because the ASL LOGDROP/LOGREJECT policies are not a single operation (they are 3 iptables operations: match the packet, log the packet, DROP/REJECT the packet), there is IMHO not even the possibility to add this feature to iptables.

Even if the feature would exist: If your ruleset changes by only a single rule, all your log entries would have wrong rulenumbers.

Sorry

Daniel
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 anonymous_02 over 22 years ago in reply to elcolonel

Hello firebear, elcolonel.

I am sorry, but printing the matching rule number in a log entry is not possible via iptables.

Because the ASL LOGDROP/LOGREJECT policies are not a single operation (they are 3 iptables operations: match the packet, log the packet, DROP/REJECT the packet), there is IMHO not even the possibility to add this feature to iptables.

Even if the feature would exist: If your ruleset changes by only a single rule, all your log entries would have wrong rulenumbers.

Sorry

Daniel
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data