Standalone-host rules, script A:
#! /bin/bash
/sbin/iptables -P INPUT DROP # drop
/sbin/iptables -A INPUT -i ppp0 -j ACCEPT # accept
/sbin/iptables -A INPUT -i ppp0 -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -j LOG --log-prefix "IPTBLES日志"
------------------------------------------------
Applying the rules:
w@w-laptop:~$ sudo /bin/bash A
w@w-laptop:~$
------------------------------------------------
Log file: message
w@w-laptop:~$ tail /var/log/messages | nl
1 Feb 19 15:58:34 w-laptop kernel: [ 44.096028] [drm] DAC-6: set mode 640x480 0
2 Feb 19 15:58:34 w-laptop kernel: [ 44.161058] i2c-adapter i2c-1: unable to read EDID block.
3 Feb 19 15:58:34 w-laptop kernel: [ 44.161070] i915 0000:00:02.0: LVDS-1: no EDID data
4 Feb 19 15:58:34 w-laptop kernel: [ 44.204267] [drm] TV-12: set mode NTSC 480i 0
5 Feb 19 15:58:34 w-laptop kernel: [ 44.346237] [drm] TV-12: set mode NTSC 480i 0
6 Feb 19 17:00:52 w-laptop pulseaudio[1804]: ratelimit.c: 6 events suppressed
7 Feb 19 17:39:35 w-laptop kernel: [ 6105.762846] nf_conntrack version 0.5.0 (8056 buckets, 32224 max)
8 Feb 19 17:39:35 w-laptop kernel: [ 6105.763370] CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
9 Feb 19 17:39:35 w-laptop kernel: [ 6105.763379] nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
10 Feb 19 17:39:35 w-laptop kernel: [ 6105.763387] sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
w@w-laptop:~$
---------------------------------------------------
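The last rule adds a prefix to the log entries.
Why can't I see the prefix in the log file message? This log file is divided into N columns; how should it be read?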
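Added example, not part of the original post: iptables walks a chain top to bottom and stops at the first rule whose target is terminating (ACCEPT, DROP, REJECT), while LOG is non-terminating, so a LOG rule placed after an unconditional ACCEPT on the same interface never sees a packet. The script below checks the post's ruleset for such unreachable rules; the function name `shadowed_rules` and the reordered `FIXED` ruleset are assumptions of this example.

```shell
#!/bin/bash
# Constructed copy of the post's ruleset (state match written out in full).
RULES='/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i ppp0 -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -j LOG --log-prefix "IPTBLES日志"'

# Assumed reordering (not from the post): LOG sits before anything terminating.
FIXED='/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i ppp0 -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -j LOG --log-prefix "IPTBLES日志"'

# Read iptables commands on stdin; print the line number of each -A rule that
# can never match because an earlier rule in the same chain already ended
# traversal for every packet on that interface.
shadowed_rules() {
    catchall=" "    # "CHAIN/IFACE" pairs already covered by a terminating catch-all
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        chain="" iface="*" target="" extra=0
        set -f; set -- $line; set +f    # split into words without globbing
        while [ $# -gt 0 ]; do
            case "$1" in
                -A) chain="$2"; shift ;;
                -i) iface="$2"; shift ;;
                -j) target="$2"; break ;;   # the rest are target options
                iptables|*/iptables) ;;
                *) extra=1 ;;               # any other match narrows the rule
            esac
            shift
        done
        [ -n "$chain" ] || continue         # -P, -F, ... are not rules
        case "$catchall" in
            *" $chain/$iface "*|*" $chain/* "*) echo "$n"; continue ;;
        esac
        if [ "$extra" -eq 0 ]; then
            case "$target" in
                ACCEPT|DROP|REJECT) catchall="$catchall$chain/$iface " ;;
            esac
        fi
    done
}

echo "unreachable in the post's order: $(printf '%s\n' "$RULES" | shadowed_rules | tr '\n' ' ')"
echo "unreachable after reordering:    $(printf '%s\n' "$FIXED" | shadowed_rules | tr '\n' ' ')"
```

Once the LOG rule is reachable, its entries are written through the kernel log, so they appear among the `kernel:` lines that syslog collects.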