Further adventures in Firewall upgrades

Gerald Combs gerald at ethereal.com
Mon Apr 8 21:28:29 CDT 2002


On Mon, 8 Apr 2002, Charles Steinkuehler wrote:

> ipchains/iptables rules.  The price for making your firewall "impervious" in
> this way is forgoing *ALL* user-mode functionality, including logging.  It's

...so why not add code to iptables to log directly to a remote syslog
server?  I can't imagine it would take more than 200 lines of code,
including command parsing, data structures, and syslog packet generation.

This still doesn't solve the scheduled access problem, but it's a start.
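The syslog packet generation mentioned in the message above, as an added example that is not part of the original post and is not iptables code: a user-space C illustration that formats one BSD-syslog (RFC 3164 style) datagram for a logged packet and sends it to a remote collector over UDP. The `pkt_info` struct, the function names, the host name `fw`, the UTC timestamp and all addresses are assumptions constructed for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>

/* Hypothetical record of what a logging rule saw; not an iptables type. */
struct pkt_info {
    const char *in_if, *proto;
    uint32_t src, dst;      /* IPv4, network byte order */
    uint16_t sport, dport;  /* host byte order */
};

/* Build "<PRI>Mmm dd hh:mm:ss HOST TAG: MSG"; PRI = facility*8 + severity,
 * here kern(0).warning(4). UTC keeps the output deterministic (assumption).
 * Returns the message length, or -1 if buf is too small. */
int format_syslog(char *buf, size_t len, time_t now, const char *host,
                  const char *prefix, const struct pkt_info *p)
{
    char ts[16], src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
    strftime(ts, sizeof ts, "%b %e %H:%M:%S", gmtime(&now));
    inet_ntop(AF_INET, &p->src, src, sizeof src);
    inet_ntop(AF_INET, &p->dst, dst, sizeof dst);
    int n = snprintf(buf, len,
        "<%d>%s %s kernel: %sIN=%s SRC=%s DST=%s PROTO=%s SPT=%u DPT=%u",
        0 * 8 + 4, ts, host, prefix, p->in_if, src, dst, p->proto,
        (unsigned)p->sport, (unsigned)p->dport);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Fire-and-forget UDP to the collector on port 514; no local syslogd needed. */
int send_syslog(const char *collector_ip, const char *msg, size_t n)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(514) };
    if (inet_pton(AF_INET, collector_ip, &sa.sin_addr) != 1) return -1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    ssize_t r = sendto(fd, msg, n, 0, (struct sockaddr *)&sa, sizeof sa);
    close(fd);
    return r == (ssize_t)n ? 0 : -1;
}

int main(void)
{
    struct pkt_info p = { "eth0", "TCP", 0, 0, 40000, 22 };  /* constructed */
    char buf[256];
    inet_pton(AF_INET, "192.0.2.10", &p.src);
    inet_pton(AF_INET, "198.51.100.7", &p.dst);
    int n = format_syslog(buf, sizeof buf, time(NULL), "fw", "DROP: ", &p);
    return n > 0 ? send_syslog("127.0.0.1", buf, (size_t)n) : 1;
}
```

Plain UDP syslog is unauthenticated and lossy, so the collector should accept it only from the firewall's address on a trusted segment.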



