It’s always a good thing to log anything you drop; this allows you to troubleshoot issues later. In iptables this is very easy. If you place your drop at the bottom of a chain, then all you have to do is place a log line right before the drop. If you want to add something to identify drops in your log, that’s possible too:

-A INPUT rule to trigger drop -j LOG --log-prefix "DROP "
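An added example, not from the original post: a shell function that pulls the prefixed entries back out of a syslog file and counts them per source, protocol and destination port. The sample log lines, the addresses and the `summarize_drops` name are constructed for illustration; it matches on the prefix followed directly by `IN=`, which is how the kernel writes LOG entries.

```shell
#!/bin/sh
# Added example. Rule order the post describes (catch-all form, constructed):
#   -A INPUT -j LOG --log-prefix "DROP "
#   -A INPUT -j DROP

# Constructed sample syslog lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=23 SYN
Jan 10 12:00:02 fw kernel: [ 1234.5] DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=23 SYN
Jan 10 12:00:03 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=71 TTL=50 PROTO=UDP SPT=5000 DPT=161
Jan 10 12:00:04 fw sshd[100]: Accepted publickey for admin from 192.0.2.20 port 50000 ssh2
Jan 10 12:00:05 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# summarize_drops PREFIX
# Reads syslog lines on stdin, keeps only LOG entries carrying PREFIX, and
# prints "count src proto dpt", highest count first. Entries without a
# destination port (ICMP, for instance) show "-" in the port column.
summarize_drops() {
    awk -v prefix="$1" '
        # The kernel appends "IN=" directly to the prefix, so the trailing
        # space in "DROP " is what keeps the two apart in the log.
        index($0, prefix "IN=") == 0 { next }
        {
            src = proto = ""; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src != "") count[src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Run against the constructed sample; on a real host, feed it the file
# your syslog daemon writes kernel messages to.
sample_log | summarize_drops "DROP "
```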

© 2010, Joseph Griffiths. All rights reserved.
