Well I have the following log rule:

iptables -A INPUT -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG --log-level 6 --log-prefix "FW_INPUT_DROPPED "

But how can I also have it not log ICMP ? Or better yet how can I have more than one thing set to not log? Thanks in advance

iptables -t mangle -I PREROUTING -s 0/0 -p 1 -j ACCEPT
iptables -t nat -I PREROUTING -s 0/0 -p 1 -j ACCEPT
iptables -t filter -I INPUT -s 0/0 -p 1 -j ACCEPT

this will allow ICMP (ping or traceroutes) into you machine from any ip address.
protocols are in "/etc/protocols" and "man iptables" for iptables commands.

My question was can you exclude more than one thing in a log entry. My log entry says to log all except for "lo" I want to know if I can add icmp or an ip or another service to this log rule. Or can you only specify one thing to exempt frm per iptable rule.

I think you can only exclude one thing of each type, but I'm not sure.

(i.e. you can exclude lo or eth0 but not both at the same time. You can also exclude lo and icmp both, since they aren't on the option)

That being said, adding "-p ! icmp" will exclude icmp packets.

-Derek

why are you logging "-i lo" ? what type of info do you want to capture?

I'm assuming you have a DROP rule after that -j LOG rule...
and you are ACCEPTing specific packets before the drop..

Better to use the chain structure to isolate the protocol..eg

Everything I want to log gets -j jumped to the logging chain..
then those that you don't want logged get -j RETURNed back to the INPUT chain before they can hit the -j LOG rule
The packets you want logged hit the -j LOG rule,
then they return to the INPUT chain automatically
And the final rule DROPs them.. eg

iptables -A INPUT -i ! lo -j logger
iptables -A logger -p icmp -j RETURN
iptables -A logger -p 47 -j RETURN
iptables -A logger -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG --log-level 6 --log-prefix "FW_INPUT_DROPPED "
.. some ACCEPT rules ...
INPUT DROP POLICY.