Debugger for Iptables

I can’t think of a direct solution, but I can think of a round about way of tracking a packet.

  1. Log each rule with a log prefix directive (–log-prefix “Rule 34”)
  2. Generate a test packet or packet stream with scapy and set the TOS field to something unique
  3. grep the log file output for that TOS setting and see which rules logged it.

Leave a Comment