It’s always a good thing to log anything you drop this allows you to troubleshoot issues later. In iptables this is very easy. If you place your drop at the bottom of a chain then all you have to do is place a log line right before the drop. Now if you want to add something to identify drops in your log that’s possible too :
-A INPUT rule to trigger drop -j LOG –log-prefix “DROP ”
© 2010, Joseph Griffiths. All rights reserved.