Hey all,

Here is my iptables config for a FC1 box. The third last line is there to log all connection attempts on closed ports, but it is also logging all entries for the subnet broadcast address. How do I make it only log attempts to connect to ports on the local IP address.



*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j LOG
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

You could try ignoring all broadcast traffic by changing the third last line to:

-A RH-Firewall-1-INPUT -j LOG -m pkttype ! --pkt-type broadcast

This will ignore all incoming broadcast traffic though. There isn't enough information in your post to suggest another option.

Thanks hazza,

Exactly what I was after!