On Tue, August 19, 2008 09:33, Matt wrote:
>
> I would like log entries when connections are dropped to see that it's
> working. How do I do that?
>
> I am guessing I would add this before the drop.
>
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
> --update --seconds 60 --hitcount 5 --rttl --name SSH -j LOG
> --log-prefix 'SSH attack: '
>
> Is that right? Thanks.

That's the right general approach; duplicate the drop rule but with a LOG
target and appropriate logging parameters.

-- 
David Dyer-Bennet, dd-b at dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info
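To see that the LOG rule discussed above is firing, the entries it writes can be counted per source address. This is an added example, not part of the original thread; the function names and the sample kernel log lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise netfilter LOG entries carrying the prefix from the
# quoted rule ('SSH attack: ') to confirm the rate-limit match is firing.

# Constructed sample kernel log lines; not captured from a real host.
sample_log() {
cat <<'EOF'
Aug 19 09:40:01 gw kernel: SSH attack: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4211 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 19 09:40:02 gw kernel: SSH attack: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4212 DF PROTO=TCP SPT=51240 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 19 09:40:05 gw kernel: FW other: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4213 DF PROTO=TCP SPT=51241 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 19 09:41:17 gw kernel: SSH attack: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=901 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 19 09:41:30 gw kernel: SSH attack: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4220 DF PROTO=TCP SPT=51260 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read kernel log lines on stdin and print "<count> <source IP>" for every
# source that hit the LOG rule, busiest first.
# $1 = the --log-prefix string (defaults to the one in the quoted rule).
ssh_drop_summary() {
    prefix=${1:-"SSH attack: "}
    awk -v prefix="$prefix" '
        # Only lines written by our rule, and only for destination port 22.
        index($0, prefix) && /DPT=22 / {
            src = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) src = substr($i, 5)
            if (src != "") hits[src]++
        }
        END { for (s in hits) printf "%d %s\n", hits[s], s }
    ' | sort -k1,1nr -k2,2
}

# Demonstration on the constructed sample.
sample_log | ssh_drop_summary
```

On a live host, feed it the kernel log instead of the sample, for example `dmesg | ssh_drop_summary`.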