portsentry

kobartek · 06-12-2003, 05:33 PM

Hello,

my portsentry`s default dropping rule is

KILL_ROUTE="iptables -I INPUT -s $TARGET$ -j DROP"

and it works fine but...
Since I dont use iptables-save/restore options (iptables rules are loaded from file) I would like to save portsenty`s dropping rules into a txt file.

I thougt it might be something like:

KILL_ROUTE="iptables -I INPUT -s $TARGET$ -j DROP >> /etc/rc.d/rc.masq_denied"

but the new rule is not being added into the file.

Any hints?

unSpawn · 06-12-2003, 07:52 PM

Use the custom command an echo/logger the line.

kobartek · 06-13-2003, 02:17 AM

Thank you for your input.

Finally i tested below line and it seems it works ok.

KILL_ROUTE="iptables -I INPUT -s $TARGET$ -j DROP | echo 'iptables -I INPUT -s $TARGET$ -j DROP' >> /etc/rc.d/rc.masq_denied"

unSpawn · 06-13-2003, 02:30 AM

Excellent. Only make it use a semicolon instead of a pipe sign.

kobartek · 06-13-2003, 03:26 AM

Do you mean | should be replaced with ; ?

unSpawn · 06-13-2003, 06:28 AM

Uhuh.