Re: tcp_audit patch

Dan Hollis (
Mon, 26 Apr 1999 15:41:09 -0700 (PDT)

On Mon, 26 Apr 1999, Russell Berry wrote:
> Some time ago, in the 2.0.x kernel era, somebody submitted a patch for strobe
> protection, this patch also had a tcp audit facility like tcpd does, sending
> accepts and rejects to syslog. I liked this part of it, and have modified it
> for 2.2.6 kernel. I haven't formally posted it anywhere yet, as I cannot
> contact the orignal author for the 2.0.x kernel, and he deserves proper credit,
> all I did was make it work in 2.2.x. I'll attach it here for anyone who wants
> to use it, and if anyone can locate the original author, please let me know.

It would also help to log the destination port and IP. For those people
who have multiple interfaces on the same machine. And how about UDP as
well. And as others have pointed out a sysctl interface to enable or
disable would be nice too


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at