I'm (still) trying to build an iptables firewall, but this time, I'm stuck trying to log dropped packets. Here is how I'm doing this (this code is inserted after the ACCEPT rules; $IPT represents the absolute path to iptables, here /sbin/iptables):
$IPT -N LOGDROP
$IPT -A LOGDROP -j LOG -m limit --limit 5/min -j LOG --log-level debug --log-prefix "iptables rejected: "
$IPT -A LOGDROP -j DROP
$IPT -A INPUT -s 0/0 -j LOGDROP
$IPT -A OUTPUT -j LOGDROP
$IPT -A FORWARD -j LOGDROP
When I try to execute this code, iptables rejects it, saying:
iptables v1.4.8: multiple -j flags not allowed
Try `iptables -h' or 'iptables --help' for more information.
And yet, I saw everywhere on the web that this is the way to apply two actions on selected packets, so why is my iptables version in such a bad mood?
You have specified -j LOG twice in this line: