如何查看iptables的log

sunf

大概是我的防火墙rules设得太死了，现在有些应用都出不去了。各位有啥好办法能让我看到iptables的rules。

超级用户

iptables -L

sunf

就事哪些包被挡掉.

超级用户

[quote:84082c39ed="sunf"]就事哪些包被挡掉.[/quote]

不懂您是什么意思。

gugong

TARGET EXTENSIONS
       iptables can use extended target modules: the following are included in the standard distribution.

   LOG
       Turn  on  kernel logging of matching packets.  When this option is set for a rule, the Linux kernel will
       print some information on all matching packets (like most IP header fields) via the kernel log (where it
       can be read with dmesg or syslogd().

       --log-level level
              Level of logging (numeric or see syslog.conf(5)).

       --log-prefix prefix
              Prefix log messages with the specified prefix; up to 29 letters long, and useful for distinguish?
              ing messages in the logs.

       --log-tcp-sequence
              Log TCP sequence numbers. This is a security risk if the log is readable by users.

       --log-tcp-options
              Log options from the TCP packet header.

       --log-ip-options
              Log options from the IP packet header.