iptables log before you drop with a tag

It’s always a good thing to log anything you drop this allows you to troubleshoot issues later.   In iptables this is very easy.  If you place your drop at the bottom of a chain then all you have to do is place a log line right before the drop.  Now if you want to add something to identify drops in your log that’s possible too :

-A INPUT rule to trigger drop -j LOG –log-prefix “DROP “

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.