I’d like to log all my firewall events to a syslog server (already got that part down) but when enabling the action of logging, it seems I’m going to have to recreate all of my filter entries (lots). Is there a way around this? I just want to log all the filtered traffic but don’t want to double my filtered rules…
Not sure if this works or not, but thinking about it…
Change your action to jump to a new chain…
In that chain, have two rules, log, and then drop…
Should work…
Wazza
Yeah, custom chains are the filter rule equivalent of subroutines. Very useful when you want to do several actions based on multiple triggers. You can even return to the chain that you came from if the custom chain doesn’t terminate (accept, reject, drop, tarpit) the packet. Just remember that every chain ends with an implicit accept if you don’t do something else.
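The log-then-drop chain suggested in this thread, written out as an added example that is not from any of the posters. It assumes MikroTik RouterOS syntax (the thread does not name the platform); the chain name `log-drop` and the prefix `FW-DROP` are made-up names.

```routeros
/ip firewall filter

# 1. Create the custom chain by adding its first rule: log the packet.
#    "log" is non-terminating, so processing continues with the next
#    rule in the same chain.
add chain=log-drop action=log log-prefix="FW-DROP" comment="log before drop"

# 2. Repoint every existing drop rule at the custom chain. The matchers
#    on those rules are left untouched, so nothing has to be recreated.
#    The new chain holds no drop rule yet, so the find cannot match it.
set [find where action=drop] action=jump jump-target=log-drop

# 3. Terminate the custom chain with the drop itself.
#    Between steps 2 and 3 a jumped packet is logged and then returns to
#    the rule after the jump, so paste all three steps together.
add chain=log-drop action=drop comment="drop after logging"

# Verify: former drop rules now show action=jump, and log-drop holds
# exactly two rules in the order log, drop.
print where chain=log-drop
print where action=jump
```

Each original rule now costs one jump instead of a duplicated log/drop pair, and the log prefix gives the syslog server a single string to filter on.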