Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian ISP (http://www.linux-archive.org/debian-isp/)
-   -   iptables MAC addresses (http://www.linux-archive.org/debian-isp/148683-iptables-mac-addresses.html)

"Jim Popovitch" 08-25-2008 07:46 PM
iptables MAC addresses
 
Hi,

I'm using iptables -j LOG to log blocked/throttled connections. These
log entries contain the source and destination MAC addresses... which
will always be the MAC addrs of the single apache box and it's
upstream switch. ;-) Is there any way to tell iptables to *not* log
MAC addresses?

Thanks,

-Jim P.


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

"Stefano Cislaghi" 08-25-2008 08:02 PM
iptables MAC addresses
 
2008/8/25 Jim Popovitch <yahoo@jimpop.com>:
> Hi,
>
> I'm using iptables -j LOG to log blocked/throttled connections. These
> log entries contain the source and destination MAC addresses... which
> will always be the MAC addrs of the single apache box and it's
> upstream switch. ;-) Is there any way to tell iptables to *not* log
> MAC addresses?

You should use argv:

--mac-source !address

Bye,
Stefano

--
http://www.stefanocislaghi.it/


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

"Jim Popovitch" 08-25-2008 08:50 PM
iptables MAC addresses
 
On Mon, Aug 25, 2008 at 4:02 PM, Stefano Cislaghi <s.cislaghi@gmail.com> wrote:
> 2008/8/25 Jim Popovitch <yahoo@jimpop.com>:
>> Hi,
>>
>> I'm using iptables -j LOG to log blocked/throttled connections. These
>> log entries contain the source and destination MAC addresses... which
>> will always be the MAC addrs of the single apache box and it's
>> upstream switch. ;-) Is there any way to tell iptables to *not* log
>> MAC addresses?
>
> You should use argv:
>
> --mac-source !address

:-) Perhaps I wasn't clear enough. I do want the log entries... I
just don't want the log entries to contain the MAC addresses (which
are useless to me because they are the same regardless of where the IP
traffic. The host has 1 interface attached to an upstream Foundry,
so the MACs will always be the same.

-Jim P.


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

"Ing. Otto Marroquin" 08-25-2008 09:47 PM
iptables MAC addresses
 
Jim Popovitch wrote:

On Mon, Aug 25, 2008 at 4:02 PM, Stefano Cislaghi <s.cislaghi@gmail.com> wrote:


2008/8/25 Jim Popovitch <yahoo@jimpop.com>:


Hi,

I'm using iptables -j LOG to log blocked/throttled connections. These
log entries contain the source and destination MAC addresses... which
will always be the MAC addrs of the single apache box and it's
upstream switch. ;-) Is there any way to tell iptables to *not* log
MAC addresses?


You should use argv:

--mac-source !address



:-) Perhaps I wasn't clear enough. I do want the log entries... I
just don't want the log entries to contain the MAC addresses (which
are useless to me because they are the same regardless of where the IP
traffic. The host has 1 interface attached to an upstream Foundry,
so the MACs will always be the same.

-Jim P.



I dont see how to do it with iptables without postprocessing or changing
the source code...

because you don't need all the output from iptables..

Sorry for replying to this thread with another topic; I didn't realize it.

Michael Loftis 08-25-2008 10:06 PM
iptables MAC addresses
 
--On August 25, 2008 4:50:17 PM -0400 Jim Popovitch <yahoo@jimpop.com>
wrote:




:-) Perhaps I wasn't clear enough. I do want the log entries... I
just don't want the log entries to contain the MAC addresses (which
are useless to me because they are the same regardless of where the IP
traffic. The host has 1 interface attached to an upstream Foundry,
so the MACs will always be the same.


Take a look at ulogd. ipt_LOG doesn't support any modification of logging
format.




-Jim P.


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org







--
Michael Loftis
Modwest Operations Manager
Powerful, Affordable Web Hosting


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

"Jim Popovitch" 08-25-2008 11:32 PM
iptables MAC addresses
 
On Mon, Aug 25, 2008 at 6:06 PM, Michael Loftis <mloftis@modwest.com> wrote:
> Take a look at ulogd.

Will do. Thanks!

-Jim P.


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Phil Dyer 08-26-2008 12:53 AM
iptables MAC addresses
 
Jim Popovitch wrote:



:-) Perhaps I wasn't clear enough. I do want the log entries... I
just don't want the log entries to contain the MAC addresses (which
are useless to me because they are the same regardless of where the IP
traffic. The host has 1 interface attached to an upstream Foundry,
so the MACs will always be the same.


sed and awk may be your true friends here. ;)


-Jim P.


phil


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


All times are GMT. The time now is 06:25 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.