Further adventures in Firewall upgrades
Gerald Combs
gerald at ethereal.com
Mon Apr 8 21:28:29 CDT 2002
On Mon, 8 Apr 2002, Charles Steinkuehler wrote:
> ipchains/iptables rules. The price for making your firewall "impervious" in
> this way is forgoing *ALL* user-mode functionality, including logging. It's
...so why not add code to iptables to log directly to a remote syslog
server? I can't imagine it would take more than 200 lines of code,
including command parsing, data structures, and syslog packet generation.
This still doesn't solve the scheduled access problem, but it's a start.
More information about the Kclug
mailing list