[Logwatch-Devel] New iptables filter

Kenneth Porter shiva@sewingwitch.com
Wed, 12 Nov 2003 07:31:15 -0800


--On Wednesday, November 12, 2003 7:38 AM -0700 Kirk Bauer <kirk@kaybee.org>
wrote:

> I wanted other opinions on this new filter.

Looks nice. The tabular format makes it much easier to see what's going on.

I had to change the prefix expression to "DROP" to match my firewall, but I'd
also like to see separate sections for "ACCEPT" and "REJECT". I can imagine
others wanting to track yet other prefixes, so maybe an outer loop is needed
to go through all of these.

$addresses at line 69 needs to be initialized.

I discovered that the $log_limit parameter sets the report threshold, in
number of hits needed to report an offender.